How to add PHP support for jailed SSH users in ISPConfig 3

Jailkit is an easy-to-use tool to create and maintain jail environments for shell users on Linux. In this guide, I will show you how to move PHP and its dependencies into the jail so that the jailed user can execute PHP scripts inside the jail on an ISPConfig server.

Edit the jailkit .ini file and add a section for PHP at the end of the file

Starting with ISPConfig 3.2, there is already a section for PHP in the jailkit .ini file, so you can skip the step to edit jk_init.ini file.

Open the jk_init.ini file with an editor if you are using ISPConfig 3.1 (and not 3.2):

nano /etc/jailkit/jk_init.ini

and paste the following lines at the end of the file:

[php]
comment = the php interpreter and libraries
executables = /usr/bin/php
directories = /usr/lib/php, /usr/share/php, /etc/php, /usr/share/php-geshi, /usr/share/zoneinfo
includesections = env

[env]
comment = environment variables
executables = /usr/bin/env

Then run the command (this command is required in ISPConfig 3.1 and 3.2):

jk_init -c /etc/jailkit/jk_init.ini -f -k -j /var/www/clients/client1/web1 php

To install PHP and its dependencies into the jail.

Add PHP for all newly jailed shell users

To add PHP for all newly jailed shell users that you add in ISPConfig, follow these steps:

  1. Login to ISPConfig and go to System > Server Config
  2. Select the server and go to the jailkit tab.
  3. Add the word "php" separated by a white space at the end of the "Jailkit chroot app sections" field and press save.

ISPConfig PHP Jailkit

Leave a Comment