
Re: Apache Chroot



Life got really simple by doing:

   cd /var/www
   mkdir var
   cd /var/www/var
   # relative link: /var/www/var/www -> /var/www
   ln -s .. www

It looks ugly, but in the end, any time my paths are messed up or absolute
(within the context of /var/www) they resolve.

regards,
Christian.

----- Original Message -----
From: "Randall Augustus Alexander" <openbsd@zonedzero.net>
To: <tech@openbsd.org>
Sent: Sunday, July 14, 2002 6:32 PM
Subject: Apache Chroot


> I just set up a new machine from current a couple of days ago and ran into
> the fact that apache is now chrooted to /var/www.  At first I thought there
> was some sort of a problem and even reinstalled the system from scratch.
> After a few hours I finally RTFM.  Sure enough the man page pointed out that
> it was chrooted and that I had to change paths in httpd.conf.
>
> The paths in the distributed httpd.conf file are all assuming a non-chrooted
> server.  To save someone else some time, someone might want to change the
> httpd.conf file paths and add a note in there as well as a note in the
> afterboot man page.
>
> In researching the problem I also visited the apache.org website and learned
> that the user and group directives can also be used inside of virtual host
> containers.  This gave me an idea to further enhance an apache installation
> on OpenBSD.
>
> Set up the server to run as www:www as usual and then for each virtual host
> set up a system account with their shell set to nologin to give them chrooted
> ftp access to their web content directory.   The virtual host container for
> that vhost would then have the user directive reflecting their system
> account and the www group.  The directory would only be writeable by that
> user and readable by the www group.  When running mod_perl or mod_php they
> would also inherit those permissions and should work well.  I will be
> testing that theory here shortly.
>
>
>
> Randy
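
The symlink trick from the reply, as an added example that is not part of the original thread: it rebuilds the layout in a throwaway directory and checks that a host-style path (/var/www/...) and a chroot-relative path reach the same file. The function names and the sandbox tree are assumptions made for illustration; no real chroot is entered, so the resolution is emulated by prefixing the jail directory, which holds only for relative links like these.

```shell
#!/bin/sh
# Constructed sandbox: $1/var/www stands in for the real chroot directory.
build_tree() {
    root=$1
    mkdir -p "$root/var/www/htdocs" "$root/var/www/var"
    echo "constructed index" > "$root/var/www/htdocs/index.html"
    # Target "..": relative to the link's own directory, so it points at the
    # chroot directory whether it is followed from outside or inside the jail.
    ln -s .. "$root/var/www/var/www"
    # For comparison: a "../www" target resolves to <jail>/www, which is absent.
    ln -s ../www "$root/var/www/var/dangling"
}

# Resolve an absolute path as a process chrooted to $1/var/www would see it.
# Prints the physical host path of the file, or fails if a component is missing.
inside_chroot() {
    jail=$1/var/www
    path=$2
    (
        cd -P "$jail$(dirname "$path")" 2>/dev/null &&
            printf '%s/%s\n' "$(pwd -P)" "$(basename "$path")"
    )
}

# Demonstration on a temporary tree (hypothetical paths, removed afterwards).
demo=$(mktemp -d) && build_tree "$demo"
inside_chroot "$demo" /var/www/htdocs/index.html  # host-style path in the jail
inside_chroot "$demo" /htdocs/index.html          # chroot-relative path, same file
inside_chroot "$demo" /var/dangling/htdocs/index.html ||
    echo "dangling: a ../www target does not resolve"
rm -rf "$demo"
```
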