Kernel kernel-2.6.32-458.6.2.lve1.2.30 for CL6 and hybrid systems has been released to production. The kernel improves performance on systems with 1000+ accounts and fixes an issue with IO limits that would allow bursting by default.
Scheduler no longer calls update_h_load (performance improvement for servers with 1000+ accounts)
iolimits latency value is now configurable and off by default
If you have decided to build your own PHP extension for your customers to use, you might want to do it for each and every supported version of PHP that you have installed. While you don't have to do that, installing it for all versions will remove questions that might come up from someone who wants to switch from one version of PHP to another.
The PHP module installation process for alt-php is the same as for a standard PHP installation. The only difference is that you have to explicitly use the correct version of phpize. For PHP 5.2, for example, you would use the alt-php phpize command /opt/alt/php52/usr/bin/phpize instead of the system one, and after compilation has finished:
- add ini files for modules to /opt/alt/php52/etc/php.d.all
- add so files to /opt/alt/php52/usr/lib/php/modules
- execute cagefsctl --setup-cl-selector
Then do the same for every PHP version for which this module should be available.
There is an alternative to that process: Contact our support department at helpdesk.cloudlinux.com, and in most cases we will package that PHP extension into alt-php within one or two weeks.
PHP Selector packages a wide range of PHP extensions, but sometimes you might want to add one more.
You can install additional PEAR packages server-wide by running the /opt/alt/phpXX/usr/bin/pear command line tool, where XX is the PHP version you need a package for. For example, to install the Auth package for php52 you would do:
/opt/alt/php52/usr/bin/pear install Auth
Checking whether the package is installed from the user side is also easy. Enter CageFS for that user:
cagefsctl --enter USER
and check if the package is visible:
/opt/alt/php52/usr/bin/pear list | grep Auth
By default, PEAR packages are installed to the /opt/alt/phpXX/usr/share/pear directory. To make sure that those packages are available to web applications, the path should be included in your php.ini. You can check include_path on the phpinfo() page. If the path is not there, you may need to edit /opt/alt/phpXX/etc/php.ini and add something like:
include_path = ".:/usr/share/pear:/opt/alt/phpXX/usr/share/php:/opt/alt/phpXX/usr/share/pear"
A new beta kernel is available. The kernel fixes a performance issue for servers with 1000+ clients. The performance improvement might be especially pronounced on servers with 5,000+ clients.
It also fixes the issue introduced in the lve22.214.171.124 kernel that would allow some customers with heavy IO usage to burst and use more than their allocated limit.
Scheduler no longer calls update_h_load
iolimits latency value is now configurable and off by default
To update CL6 servers:
$ yum install kernel-2.6.32-458.6.2.lve1.2.29.el6 --enablerepo=cloudlinux-updates-testing
To update Hybrid servers:
$ yum install kernel-2.6.32-458.6.2.lve1.2.29.el5h --enablerepo=cloudlinux-hybrid-testing
We are planning to upgrade our CLN server on July 11. The CLN server will be unavailable from 3am to 7am EDT. During that time you will not be able to register new servers, update packages, or install any new packages.
Bugfix: cagefsctl --remove-cl-selector, cagefsctl --cl-selector-reset-versions, cagefsctl --cl-selector-reset-modules: do not fail when /etc/cl.selector/defaults.cfg does not exist
cagefsctl: write all uncaught exceptions to syslog
Plesk Bugfix: cagefsctl --enter: mount CageFS for the user when needed
cPanel: speed up cagefsctl --force-update: mount additional directories for cPanel instead of copying them to cagefs-skeleton. Added /usr/local/cpanel/3rdparty/bin/php*, /usr/local/cpanel/3rdparty/bin/perl*, /usr/local/cpanel/3rdparty/bin/python to CageFS
cPanel: added /usr/local/cpanel/3rdparty/bin/php to CageFS
cPanel: register CageFS plugin via appconfig in cPanel 11.38.1+ (CAG-171)
Bugfix: cagefsctl: do not acquire lock when executing --remount, --enable, --disable, --mount-skel, --unmount-skel
Native php.ini has been moved from /usr/share/cagefs-skeleton/selector/php.ini to /usr/share/cagefs-skeleton/selector.etc/php.ini (required to be able to substitute php.ini via custom.etc)
ISPManager: API bugfix
Bugfix: properly handle write errors to user directory when user is over quota, so files will not be truncated
Bugfix: always write setting of socket for rsyslog
Added spelling packages to CageFS
Bugfix: litespeed configuration failed (CAG-169)
Added hooks for CageFS in DirectAdmin (CAG-141)
Added conflict with LVE Manager < 0.6-18
$ yum update cagefs --enablerepo=cloudlinux-updates-testing
We are often asked how to prevent a particular PHP function from being used by all clients. This is especially true of functions like exec, passthru, etc. This can easily be done with php-selector. Your customers are only allowed to modify directives listed in the /etc/cl.selector/php.conf file. For example, if you want to block a system command like 'exec' for php53, you have to add 'disable_functions=exec' to the /opt/alt/php53/etc/php.ini file. As long as this directive is absent from the /etc/cl.selector/php.conf file, users will not be able to use 'exec' in their scripts.
Do you want a quick check of which directives your users may customize? Execute the following command as root on your server:
# grep Directive /etc/cl.selector/php.conf
Yet, trying to secure your hosting with php.ini is the wrong approach. It might work for PHP processes, but it will not work for CGI scripts. The secure environment is already established by CageFS, which limits what processes can see or do to only safe actions.
This kernel is rebased to the latest upstream kernel 042stab078.27, which includes a fix similar to the one in the kernel released yesterday. If you already updated to that kernel yesterday, there is no need to update.
If you are still running the lve126.96.36.199 kernel or an older one, updating is highly recommended.
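The disable_functions setup described above can be audited across all installed alt-php versions. The script below is an added example, not CloudLinux code: its function names and verdict strings are made up for illustration, and it assumes php.conf entries have the form "Directive = name", which is what the grep command above matches.

```shell
# Added example (not CloudLinux code). Assumes php.conf entries look like
# "Directive = name", the lines matched by "grep Directive" on this page.

# Exit 0 if directive $2 is listed as user-changeable in php.conf $1.
user_can_override() {
    awk -v d="$2" '/^[ \t]*Directive[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            if ($0 == d) found = 1 }
        END { exit !found }' "$1"
}

# Print the effective (last uncommented) disable_functions value of php.ini $1.
disabled_functions() {
    awk '/^[ \t]*disable_functions[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); gsub(/[" \t\r]/, ""); v = $0 }
        END { print v }' "$1"
}

# Verdict for one version: is function $3 disabled in $1 and locked by $2?
audit_version() {
    case ",$(disabled_functions "$1")," in
        *",$3,"*) ;;
        *) echo "NOT-DISABLED"; return 1 ;;
    esac
    if user_can_override "$2" disable_functions; then
        echo "USER-OVERRIDABLE"; return 2
    fi
    echo "ENFORCED"
}

# Audit every $1/opt/alt/phpNN/etc/php.ini; use "" as $1 on a live server.
audit_all() {
    rc=0
    for ini in "$1"/opt/alt/php[0-9]*/etc/php.ini; do
        [ -f "$ini" ] || continue
        ver=${ini#"$1"/opt/alt/}; ver=${ver%%/*}
        verdict=$(audit_version "$ini" "$1/etc/cl.selector/php.conf" "$2") || rc=1
        echo "$ver $verdict"
    done
    return $rc
}

# Constructed sample tree: php53 blocks exec, php54 does not.
make_sample() {
    mkdir -p "$1/opt/alt/php53/etc" "$1/opt/alt/php54/etc" "$1/etc/cl.selector"
    printf '[PHP]\ndisable_functions = "exec, passthru"\n' > "$1/opt/alt/php53/etc/php.ini"
    printf '[PHP]\n;disable_functions = exec\n' > "$1/opt/alt/php54/etc/php.ini"
    printf 'Directive = memory_limit\nDefault = 128M\n' > "$1/etc/cl.selector/php.conf"
}
```

On a server, source the file as root and run `audit_all "" exec`; a non-zero exit status means at least one version does not enforce the restriction.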
Do you have questions about how php-selector works or how to customize PHP for your needs? We will try to answer them in the next few posts.
PHP Selector is a CloudLinux component that sits on top of CageFS and allows each user to select the PHP version and modules based on the customer's needs.
Global PHP defaults for PHP Selector (the PHP version and enabled modules) are configured in /etc/cl.selector/defaults.cfg.
Default values are the ones applied to all users and are active as long as they are not changed by the user. They are set in the /opt/alt/phpXX/etc/php.ini file, where XX is the PHP version. For example, the default php.ini for PHP 5.3 will be /opt/alt/php53/etc/php.ini. The settings from that file will not be overwritten by the next update, so that is the place where you should set your customized values like timezone, disable_functions, etc.
Users can change PHP values using the control panel interface. Doing so generates a new /etc/cl.php.d/alt-php52/alt_php.ini file (the path is accessible only from inside CageFS, and each user has a different file). Settings in that file override settings from php.ini. The exhaustive list of directives and values that customers are allowed to change is set in the /etc/cl.selector/php.conf file.
The command cagefsctl --rebuild-alt-php-ini rebuilds customers' alt_php.ini files, based on custom values from /home/USER/.cl.selector/alt_phpXX.cfg.
The current PHP version for any specific customer can be checked with the /usr/bin/cl-selector --current=php --user=USERNAME command.
The administrator may force an update of any individual php.ini setting using the /usr/bin/piniset tool.
An example command to change the maximum upload file size value would be:
The new version provides a security update for two security vulnerabilities. One of the vulnerabilities is for WHM/cPanel, and requires Reseller access to the server. Special thanks to Patrick H. from SYN Hosting and Steven Ciaburri from Rack911.com for discovering the vulnerability.
Security fix for cPanel preventing privilege escalation by reseller.
Fix permissions and ownership of suphp/suexec binaries for InterWorx.