Webserver: chrooted PHP gives mysql.sock error when attempting to reach mysql

mysql linux ubuntu php chroot

I have configured an Ubuntu webserver with Nginx + PHP5-FPM. I have created a chrooted environment (using jailkit) that I'm tossing my developers into, from where they can develop their test applications.

Chroot jail: /home/jail

Nginx and PHP5-FPM run outside the chroot, but are configured to function with websites within the chrooted environment.

So far, Nginx and PHP5-FPM are serving up files without issue, except for the following: When attempting to connect to MySQL, we receive this error: SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'

Now, I believe the issue is due to the non-chrooted php.ini referencing mysqld.sock outside of the chroot environment (it's actually using the MySQL default setting currently).

My question is, how can I configure PHP to access MySQL via loopback or similar? (Found that as a suggestion in a google result, but without any instructions)

Or if I'm missing some other obvious setting, let me know. If there's an option of creating a hardlink (that would remain available even if mysql is restarted), that would be handy as well.


I solved my own issue. Jailkit couldn't create a hard link reference to mysqld.sock, as Ubuntu stores /var/run in tmpfs, which appears to the system to be a separate partition (which breaks hardlink functionality). I instead am now mounting /var/run/mysqld in the jail now, like so: mount --bind /var/run/mysqld /home/jail/var/run/mysqld/


How about using as host value 127.0.0.1? It uses TCP connection which doesn't write socket (unlike localhost value on unix).


Remounting using --bind for the chroot looks like a workable suggestion. However, IMHO connecting to MySQL using a TCP socket (127.0.0.1) seems cleaner, more secure and less likely to go wrong.

The reason I say that is that various sources including http://blog.dispatched.ch/postfix-and-mysql-debian/ and https://stackoverflow.com/questions/11389214/postfix-cant-connect-with-mysql-table-when-using-unix-socket-postmap-succeeds suggest adding to the fstab:

 /var/run/mysqld /home/jail/var/run/mysqld bind defaults,bind 0 0

Be cautious with that: Debian at least cleans out /var/run on reboot, so the mount will fail at boot time, and so will your service. Of course you could instead use:

 /var/run /home/jail/var/run bind defaults,bind 0 0

Related

Puppet Testing if a file exist
Load Balancing Best Practices for Persistence
Relative substitution in mod_rewrite RewriteRule
Ways to convince management of a high cost
How to securely manage private keys for EC2-managed key pairs?
lvremove claims LV to be open
Redis won't shutdown
Php5-fpm Crash if much visitors
How do I install dotNet Framework 3.51 on Windows Server 2012 core?
Where are OS X man pages stored?
sftp/ssh failing after adding "Match group" clause
HTTP, TCP, UDP and connectionless