You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "--[ UxBoD ]--" <ux...@splatnix.net> on 2011/05/04 17:05:10 UTC

Re: [users@httpd] Chroot a virtual host

----- Original Message -----
> ----- Original Message -----
> > Hi,
> > 
> > I have noticed that when running Joomla, or in-fact any browsing
> > capable PHP code, I am able to navigate above my virtual host
> > document root and look at other virtual host files.
> > 
> > How would one stop this ? I have taken a look at mod_chroot but
> > that
> > does not seem to work as ChrootDir can only be used in the main
> > configuration and not in the VirtualHost directive.
> > 
> > For reference I am running Apache 2.2.17.
> 
> I have tried to create a second instance of HTTP, running on port
> 8080, using the following conf:
> 
> LoadModule chroot_module      modules/mod_chroot.so
> LoadModule headers_module     modules/mod_headers.so
> LoadModule rewrite_module     modules/mod_rewrite.so
> LoadModule expires_module     modules/mod_expires.so
> LoadModule auth_basic_module  modules/mod_auth_basic.so
> LoadModule php5_module        modules/libphp5.so
> LoadModule deflate_module     modules/mod_deflate.so
> 
> LoadFile /lib64/libnss_dns.so.2
> 
> AddHandler php5-script php
> 
> Listen 8080
> 
> ChrootDir    /www/somevhost.co.uk
> ServerRoot   /
> DocumentRoot /htdocs
> 
> RequestHeader Set Host www.somevhost.co.uk
> PidFile /var/run/apache2.pid
> Timeout 300
> KeepAlive On
> MaxKeepAliveRequests 100
> KeepAliveTimeout 15
> 
> User somevhost.co.uk
> Group somevhost.co.uk
> 
> HostnameLookups Off
> LogLevel warn
> 
> ErrorLog  /logs/error.log
> CustomLog /logs/access.log combined
> 
> <IfModule dir_module>
>     DirectoryIndex index.html index.php
> </IfModule>
> 
> AccessFileName .htaccess
> 
> <Files ~ "^\.ht">
>     Order allow,deny
>     Deny from all
> </Files>
> 
> <Directory /htdocs>
>     Order deny,allow
>     Allow from all
>     AllowOverride All
> </Directory>
> 
> Though when I run :-
> 
> /usr/local/apache/bin/httpd -f /www/somevhost.co.uk/conf/apache2.conf
> -k start
> 
> it complains that it cannot find the DocumentRoot directory which
> would suggest that the Chroot is not taking place.  If I use
> absolute paths then HTTPD does indeed  start but a phpinfo() returns
> the path as being /www/somevhost.co.uk/htdocs instead of /htdocs.
> 
> Any ideas what I could be doing wrong please ?

Finally got this to work as it appears to be a bug in Apache and you have to create a fake root eg. /www/somevhost.co.uk/www.

What I am struggling with is that the Joomla site works fine until you come to try and install a component or module. It loads up to 100% and then it just says it cannot install. All the permissions look fine and it was working before switching to a chroot environment. Any thoughts ?

-- 
Thanks, Phil