[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chrooted Apache and extensions

To: "'Greg Thomas'" <getbsd@sbcglobal.net>, <misc@openbsd.org>
Subject: Re: chrooted Apache and extensions
From: "Dom De Vitto" <dom@DeVitto.com>
Date: Mon, 2 Dec 2002 23:21:40 -0000
Organization: Secure Technologies Ltd.

Yup, chroot doesn't effect who can bind & connect to what ports.

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:dom@devitto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 


-----Original Message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf
Of Greg Thomas
Sent: Monday, December 02, 2002 11:15 PM
To: misc@openbsd.org
Subject: Re: chrooted Apache and extensions


On Monday, Dec 2, 2002, at 05:46 US/Pacific, Waldemar Brodkorb wrote:
>
> Marc Balmer wrote,
>>
>> As apache is chrooted to /var/www whats the best solution if you need

>> extensions like php4 (a shared lib) that uses, let's say, PostgreSQL,

>> another shared library?
>>
>> PHP4 can be loaded at server start time (before the chroot), but as I

>> understand it, PHP will not try to load the PostgreSQL libraries 
>> until they are first used. And then, where should it load the from?
>
> This happened only if your php4 is compiled with shared support for 
> postgres. (pgsql.so) This is not the default in php4 in the ports.
> You can simple figure it out by typing:
>  ldd /usr/lib/apache/modules/libphp4.so
>
>> Must I
>> set up a complete "shadow" hierarchy under /var/www that contains the

>> libs?
>
> No. Simply put the socket of the database into the chroot. (link or 
> with configuration file)

Ok, now I'm confused.  But maybe I've figured my situation out.  I'm 
running apache under 3.2 chrooted by default.  I'm running PHP4 and 
postgresql from -stable ports.  My pgsql lock and socket files are in 
/tmp:

ethant@oats:/home/ethant$ ls -al /tmp/.s.PGSQL.5432*
srwxrwxrwx  1 postgresql  wheel   0 Dec  2 00:40 /tmp/.s.PGSQL.5432
-rw-------  1 postgresql  wheel  26 Dec  2 00:40 /tmp/.s.PGSQL.5432.lock

And my postgresql install is working fine with PHP.

Is this because even though I'm currently running PHP and postgresql on 
the same machine I'm using the -i switch to use the network?

Greg

References:
- Re: chrooted Apache and extensions
  - From: Greg Thomas <getbsd@sbcglobal.net>

Prev by Date: Re: chrooted Apache and extensions
Next by Date: Re: Getting copies of missing mailing list items
Prev by thread: Re: chrooted Apache and extensions
Next by thread: Re: chrooted Apache and extensions
Index(es):
- Date
- Thread