
Chroot'ed apache + PHP + chroot'ed MySQL - Non-working php-mysql extension, and sendmail



Hi misc@,

I upgraded to OpenBSD 3.2 via cvs tag OPENBSD_3_2, 7 days ago.

I love Apache (finally) being chroot'ed. I have often wondered "why not"
myself.

From before, MySQL 3.23.49 is run chroot to /var/mysql successfully.
(The spwd.db got me confused a while. setuid() is run after chroot())
Anyway, I got it fixed, by building a minimalistic password database
(one entry) and putting it inside the chroot. (Contact me if anyone
wants the full walk-thru on chroot'ed mysql. I sure couldn't find anyone
on the web.)

After the 3.2 was up'n'running, I had to recompile a few ports packages,
amongst them PHP 4.2.3.
I also used some time to understand that I had to "unset" all the
extension-flavors I didn't want (Why?), to compile the PHP-extension
MySQL.

Since both MySQL and apache are chroot'ed, and I only want MySQL to
listen on socket, I had to make a hardlink across the filesystem for
mysql.sock. (Preventing me from restarting MySQL, without restarting
Apache afterwards, because of opening/closing the socket. But that's ok)

But, I found out... PHP will itself reload its modules (extensions) on
Apache restart. mysql.so (PHP extension) will *not* reload, on Apache
restart. No errors, no explanation. I tried hardlinking it into the
chroot, without any success. ktrace doesn't complain about a missing file
on restart either.

I use pretty default httpd.conf, and php.ini-recommended.
php.ini extension_dir is /usr/local/lib/php/modules
mysql.so resides hardlinked in /var/www/usr/local/lib/php/modules


Another problem I discovered is the mail() function no longer has a
sendmail program to send mail via. Hardlinking sendmail into the chroot
was pointless, since it requires several libs.
I know putting sendmail into the chroot is kinda insecure, but there's
no satisfying sockmail functions. *Does* the UNIX mail() function have the
ability to use SMTP, as its Windoze-counterpart does?


Any suggestions or pointers on the two problems?
Thanks in advance!


Best regards,
  Espen Wang


P.S: Looking forward to yet some cool stickers for the boxes. :)

-- 
Espen Wang               /"\
http://www.shells.no/    \ /      ASCII Ribbon Campaign
espen_(_at_)_shells_(_dot_)_no           X  Against HTML Mail and News
dizz_(_at_)_efnet               / \


