Posted to users@httpd.apache.org by Chuck Amadi <ch...@smtl.co.uk> on 2004/11/10 15:28:21 UTC

[users@httpd] mod_chroot Apache 2 Linux - Help and Advice .

Hi, has anyone got a chrooted Apache 2 running using the mod_chroot module?

Apart from 

http://core.segfault.pl/~hobbit/mod_chroot/install.html

this URL link, I can't seem to find much, i.e. examples of httpd.conf and any
FAQ or troubleshooting tips.

So if anyone has any URLs or an example of their chrooted Apache 2 using
mod_chroot, I would like some advice.

I currently have the chrooted Apache 2 - the hard way but due to
Creating this structure was informative and useful plus fun. Run the
program, read the error message, copy the missing file, start over. But
due to patching and upgrading - I have to keep our "virtual root"
current - if there is a bug or a new Apache 2 release I have to put a
new version in two places.

TIA 

Chuck

Chuck Amadi, Systems Administrator, |  http://www.smtl.co.uk/
Surgical Materials Testing Lab,     |  http://www.worldwidewounds.com/
Princess of Wales Hospital, S Wales |  http://www.dressings.org/
Tel/Fax: +44 1656-752820            |  chuck@smtl.co.uk


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] mod_chroot Apache 2 Linux - Help and Advice .

Posted by Chuck Amadi <ch...@smtl.co.uk>.
Thanks for the advice, I will pursue your suggestions.

Chuck

On Wed, 2004-11-10 at 16:36, Scott Gifford wrote:
> Chuck Amadi <ch...@smtl.co.uk> writes:
> 
> > Hi, I will hack that useful script and use it on the chrooted test Apache 2
> > server. But I would love some advice or tips, as I know my boss will
> > insist that this is the best route to go.
> 
> If you're on Linux, you can see the root directory of a process by
> looking in the directory:
> 
>     /proc/$PID/root
> 
> You may also see something useful in the logs.  If all else fails,
> doing an strace of the httpd process as it starts up may tell you
> what's going on.
> 
> Good luck,
> 
> ----ScottG.
> 
-- 
Chuck Amadi, Systems Administrator, |  http://www.smtl.co.uk/
Surgical Materials Testing Lab,     |  http://www.worldwidewounds.com/
Princess of Wales Hospital, S Wales |  http://www.dressings.org/
Tel/Fax: +44 1656-752820            |  chuck@smtl.co.uk




Re: [users@httpd] mod_chroot Apache 2 Linux - Help and Advice .

Posted by Scott Gifford <sg...@suspectclass.com>.
Chuck Amadi <ch...@smtl.co.uk> writes:

> Hi, I will hack that useful script and use it on the chrooted test Apache 2
> server. But I would love some advice or tips, as I know my boss will
> insist that this is the best route to go.

If you're on Linux, you can see the root directory of a process by
looking in the directory:

    /proc/$PID/root

You may also see something useful in the logs.  If all else fails,
doing an strace of the httpd process as it starts up may tell you
what's going on.

Good luck,

----ScottG.
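
Added example (not part of Scott's message or of mod_chroot): a small shell check built on the /proc/$PID/root tip above, reporting for every process with a given name whether its root directory is the expected jail. The `PROC_DIR` override and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: compare each process's /proc/PID/root with the expected jail.
# PROC_DIR is a hypothetical override for pointing the check at a constructed
# tree; on a live Linux host leave it at /proc and run as root.
PROC_DIR=${PROC_DIR:-/proc}

# proc_root PID: print where /proc/PID/root points ("/" means not chrooted).
proc_root() {
    readlink "$PROC_DIR/$1/root"
}

# check_chroot NAME EXPECTED_ROOT
# One line per process called NAME; returns 1 if any is not in EXPECTED_ROOT.
check_chroot() {
    name=$1 expected=$2 bad=0
    for d in "$PROC_DIR"/[0-9]*; do
        [ -r "$d/comm" ] || continue
        [ "$(cat "$d/comm")" = "$name" ] || continue
        pid=${d##*/}
        if ! root=$(proc_root "$pid"); then
            echo "pid $pid: cannot read root link (insufficient privilege?)"
            bad=1
        elif [ "$root" = "$expected" ]; then
            echo "pid $pid: chrooted to $root"
        else
            echo "pid $pid: root is $root, expected $expected"
            bad=1
        fi
    done
    return $bad
}

# Usage on a live host: check_chroot httpd /chroot/apache2/www
```

A non-zero return means at least one matching process is running with a root other than the jail, which is the first thing to rule out before reading logs or an strace.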



Re: [users@httpd] mod_chroot Apache 2 Linux - Help and Advice .

Posted by Chuck Amadi <ch...@smtl.co.uk>.
Hi, I will hack that useful script and use it on the chrooted test Apache 2
server. But I would love some advice or tips, as I know my boss will
insist that this is the best route to go.

I have used the ChrootDir directive and I believe it's working, as I have run
httpd -t and the syntax is OK.

The problem is that DocumentRoot "/" in the httpd.file can't seem to
locate my virtual host sites, which reside in "/chroot/apache2/www".

Thus my setup is SuSE Linux O/S, Apache 2 httpd.conf file:

# The location of where the Server is :
ServerRoot "/usr/apache2/apache-test"

# Change to web root :

ChrootDir "/chroot/apache2/www"

# DocumentRoot: The directory out of which you will serve your documents

DocumentRoot "/"

# My website files reside in /chroot/apache2/www

Thanks for the script.

TIA 

Chuck
On Wed, 2004-11-10 at 15:57, Scott Gifford wrote:
> Chuck Amadi <ch...@smtl.co.uk> writes:
> 
> > Hi, has anyone got a chrooted Apache 2 running using the mod_chroot module?
> >
> > Apart from 
> >
> > http://core.segfault.pl/~hobbit/mod_chroot/install.html
> >
> > this URL link, I can't seem to find much, i.e. examples of httpd.conf and any
> > FAQ or troubleshooting tips.
> >
> > So if anyone has any URLs or an example of their chrooted Apache 2 using
> > mod_chroot, I would like some advice.
> 
> I've had good luck with it in apache 1.x, but haven't tried it in 2.
> In 1.x I just add this as a top-level config directive:
> 
>     #
>     # ChrootDir: The directory to chroot to
>     #
>     # NOTE: When using this all directory/file references in DocumentRoot,
>     # <Directory> and <Files> should be relative to this ChrootDir!
>     #
>     ChrootDir "/home/apache"
> 
> > I currently have the chrooted Apache 2 - the hard way but due to
> > Creating this structure was informative and useful plus fun. Run the
> > program, read the error message, copy the missing file, start over. But
> > due to patching and upgrading - I have to keep our "virtual root"
> > current - if there is a bug or a new Apache 2 release I have to put a
> > new version in two places.
> 
> For programs I've had to chroot "the hard way", I write scripts to
> copy the files from outside the chroot to inside.  After updating a
> program on the outside that has changed, I simply run the update
> scripts, which look something like:
> 
>     #!/bin/sh -e
>
>     CHROOT=/home/apache
>     # -L follow symlinks, -u copy only newer files, -v verbose, -r recursive
>     UPDATE="cp -Luvr"
>     for i in /usr/bin/perl \
>             /usr/bin/php4 \
>     ...
>     do
>       $UPDATE $i $CHROOT$i
>     done
>
>     # Now copy Perl libraries
>     for i in /usr/lib/perl/5.6.1 /usr/lib/perl5 /usr/share/perl/5.6.1 \
>         /usr/local/lib/perl/5.6.1 /usr/local/share/perl/5.6.1
>     do
>       $UPDATE $i/* $CHROOT/usr/share/perl5
>     done
> 
> This seems to me a pretty good compromise.
> 
> ----ScottG.
-- 
Chuck Amadi, Systems Administrator, |  http://www.smtl.co.uk/
Surgical Materials Testing Lab,     |  http://www.worldwidewounds.com/
Princess of Wales Hospital, S Wales |  http://www.dressings.org/
Tel/Fax: +44 1656-752820            |  chuck@smtl.co.uk
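
Added example (not from any poster in this thread): a shell sketch that applies the rule in the quoted ChrootDir note, that DocumentRoot paths are read relative to ChrootDir, and prints where each DocumentRoot in a config file lands on the host. It assumes that rule holds for the setup in question; `conf_values`, `map_docroots` and the `HOST_ROOT` parameter are names invented for this sketch.

```shell
#!/bin/sh
# Added example: show where each DocumentRoot lands on the host once the
# ChrootDir prefix is applied. HOST_ROOT is a hypothetical parameter
# (default: the real /) for running against a constructed tree.

# conf_values FILE DIRECTIVE: print every value of DIRECTIVE, quotes removed.
# Directive names are matched case-insensitively; paths with spaces are not
# handled.
conf_values() {
    awk -v key="$2" 'tolower($1) == tolower(key) {
        v = $2; gsub(/^"|"$/, "", v); print v
    }' "$1"
}

# map_docroots FILE [HOST_ROOT]: returns 1 if a mapped directory is missing,
# 2 if the file has no ChrootDir.
map_docroots() {
    conf=$1 host_root=${2:-}
    jail=$(conf_values "$conf" ChrootDir | head -n 1)
    [ -n "$jail" ] || { echo "no ChrootDir in $conf"; return 2; }
    missing=0
    for docroot in $(conf_values "$conf" DocumentRoot); do
        host_path=${jail%/}/${docroot#/}   # jail prefix + in-jail path
        host_path=${host_path%/}
        if [ -d "$host_root$host_path" ]; then
            echo "OK      DocumentRoot $docroot -> $host_path"
        else
            echo "MISSING DocumentRoot $docroot -> $host_path"
            missing=1
        fi
    done
    return $missing
}

# Usage: map_docroots /usr/apache2/apache-test/conf/httpd.conf  (path assumed)
```

A virtual host whose DocumentRoot still carries the full host path shows up as MISSING with the jail prefix doubled, which makes that kind of leftover easy to spot. The check covers only the path mapping, not module loading or file permissions.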




Re: [users@httpd] mod_chroot Apache 2 Linux - Help and Advice .

Posted by Scott Gifford <sg...@suspectclass.com>.
Chuck Amadi <ch...@smtl.co.uk> writes:

> Hi, has anyone got a chrooted Apache 2 running using the mod_chroot module?
>
> Apart from 
>
> http://core.segfault.pl/~hobbit/mod_chroot/install.html
>
> this URL link, I can't seem to find much, i.e. examples of httpd.conf and any
> FAQ or troubleshooting tips.
>
> So if anyone has any URLs or an example of their chrooted Apache 2 using
> mod_chroot, I would like some advice.

I've had good luck with it in apache 1.x, but haven't tried it in 2.
In 1.x I just add this as a top-level config directive:

    #
    # ChrootDir: The directory to chroot to
    #
    # NOTE: When using this all directory/file references in DocumentRoot,
    # <Directory> and <Files> should be relative to this ChrootDir!
    #
    ChrootDir "/home/apache"

> I currently have the chrooted Apache 2 - the hard way but due to
> Creating this structure was informative and useful plus fun. Run the
> program, read the error message, copy the missing file, start over. But
> due to patching and upgrading - I have to keep our "virtual root"
> current - if there is a bug or a new Apache 2 release I have to put a
> new version in two places.

For programs I've had to chroot "the hard way", I write scripts to
copy the files from outside the chroot to inside.  After updating a
program on the outside that has changed, I simply run the update
scripts, which look something like:

    #!/bin/sh -e

    CHROOT=/home/apache
    # -L follow symlinks, -u copy only newer files, -v verbose, -r recursive
    UPDATE="cp -Luvr"
    for i in /usr/bin/perl \
            /usr/bin/php4 \
    ...
    do
      $UPDATE $i $CHROOT$i
    done

    # Now copy Perl libraries
    for i in /usr/lib/perl/5.6.1 /usr/lib/perl5 /usr/share/perl/5.6.1 \
        /usr/local/lib/perl/5.6.1 /usr/local/share/perl/5.6.1
    do
      $UPDATE $i/* $CHROOT/usr/share/perl5
    done

This seems to me a pretty good compromise.

----ScottG.
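
Added example (not part of Scott's message): a companion check for the update-script approach above, listing files inside the jail whose outside original has since changed, for instance after a security patch on the host. It only covers files copied to the same path inside the jail (the `$CHROOT$i` pattern); the function name and the `HOST_ROOT` parameter are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: find files in a chroot that no longer match the host copy.
# stale_in_chroot CHROOT [HOST_ROOT]
# HOST_ROOT is a hypothetical parameter (default: the real /) so the check
# can be run against a constructed tree. Returns 1 if anything is stale.
stale_in_chroot() {
    chroot_dir=${1%/} host_root=${2:-}
    # File names containing newlines are not handled.
    find "$chroot_dir" -type f | sort | (
        stale=0
        while IFS= read -r inside; do
            rel=${inside#"$chroot_dir"}      # path as seen from inside the jail
            outside=$host_root$rel
            [ -f "$outside" ] || continue    # jail-only file (content, logs)
            if ! cmp -s "$outside" "$inside"; then
                echo "STALE $rel"
                stale=1
            fi
        done
        exit "$stale"
    )
}

# Usage: stale_in_chroot /home/apache || echo "re-run the update script"
```

Run from cron or after each package update, this flags a jail that is still serving an unpatched binary or library even though the host copy was upgraded.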
