You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Richard <gu...@telpacific.com.au> on 2002/03/20 17:57:31 UTC
CGIwrap's chroot
I am working on CGIWrap these days. I install this
because I want to limit the user in certain directories.
But, I cann't work this out.
All my virtual hosts are under the directory /home/clients
eg. /home/clients/site1, /home/clients/site2
all these sites' html files are located in
/home/clients/username/http
and the cgi-bin directory is at
/home/clients/username/cgi-bin
All these users are in the same group 'clients'.
I configure the cgiwrap with
./configure --with-cgi-dir=cgi-bin --with-install-dir=/usr/local/cgiwrap --with-httpd-user=nobody --with-install-group=wheel --with-chroot=../..
Then compile it.
I added the following settings in my httpd.conf in apache
<VirtualHost 192.168.0.2>
DocumentRoot /home/clients/123
ServerName site123
ScriptAlias /cgi-bin/ /usr/local/cgiwrap/
UserDir http
ScriptAliasMatch ~(.*)/cgi-bin/(.*) /home/clients/$1/cgi-bin/$2
</VirtualHost>
I use http://site123/cgi-bin/cgiwrap/123/env.cgi to test. Everything
seems to be well. However, I noticed that I can still go to
/ or /usr by using system() or readdir. Obveriously, the CHROOTing
is not working properly.
Then I tried
--with-chroot=/ the same problem.
--with-chroot=.. CGI cann't execute
--with-chroot=/home/clients CGI cann't execute
I tried sbox, with configuration
#define ROOT "../.."
#define CGI_BIN "../cgi-bin"
Everything goes well, and I can limit the users in a directory.
However, sbox does not seem to support a lot of Perl scripts.
Many scripts cann't execute after I installed the sbox.
Can anyon know how to work out the Chroot in CGIwrap?
Anyone who can help me will be very appreciated.
Thank you.
Richard