Chroot'ed apache + PHP + chroot'ed MySQL - Non-working php-mysql extension, and sendmail
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Chroot'ed apache + PHP + chroot'ed MySQL - Non-working php-mysql extension, and sendmail
- From: Espen Wang <espen_(_at_)_shells_(_dot_)_no>
- Date: 30 Oct 2002 15:15:58 +0100
I upgraded to OpenBSD 3.2 via cvs tag OPENBSD_3_2, 7 days ago.
I love Apache (finally) being chroot'ed. I have often wondered "why not"
From before, MySQL 3.23.49 is run chroot to /var/mysql successfully.
(The spwd.db got me confused for a while. setuid() is run after chroot())
Anyway, I got it fixed, by building a minimalistic password database
(one entry) and putting it inside the chroot. (Contact me if anyone
wants the full walk-thru on chroot'ed mysql. I sure couldn't find anyone
on the web.)
After the 3.2 was up'n'running, I had to recompile a few ports packages,
amongst them PHP 4.2.3.
I also used some time to understand that I had to "unset" all the
extension-flavors I didn't want (Why?), to compile the PHP-extension
Since both MySQL and Apache are chroot'ed, and I only want MySQL to
listen on a socket, I had to make a hardlink across the filesystem for
mysql.sock. (Preventing me from restarting MySQL, without restarting
Apache afterwards, because of opening/closing the socket. But that's ok)
But, I found out... PHP will itself reload its modules (extensions) on
Apache restart. mysql.so (PHP extension) will *not* reload, on Apache
restart. No errors, no explanation. I tried hardlinking it into the
chroot, without any success. ktrace doesn't complain about missing file
on restart either.
I use pretty default httpd.conf, and php.ini-recommended.
php.ini extension_dir is /usr/local/lib/php/modules
mysql.so resides hardlinked in /var/www/usr/local/lib/php/modules
Another problem I discovered is that the mail() function no longer has a
sendmail program to send mail via. Hardlinking sendmail into the chroot
was pointless, since it requires several libs.
I know putting sendmail into the chroot is kinda insecure, but there's
no satisfying sockmail functions. *Does* the UNIX mail() function have the
ability to use SMTP, as its Windoze-counterpart does?
Any suggestions or pointers on the two problems?
Thanks in advance!
P.S: Looking forward to yet some cool stickers for the boxes. :)
Espen Wang /"\
http://www.shells.no/ \ / ASCII Ribbon Campaign
espen_(_at_)_shells_(_dot_)_no X Against HTML Mail and News
dizz_(_at_)_efnet / \
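
Added example, not part of the original post: a small check for the hard-link approach described above, reporting whether a name inside the chroot is still the same file as the original outside it. A daemon that removes and re-creates its socket on restart leaves the chroot copy pointing at the old inode. The paths are arguments; the socket locations are assumptions, since the post does not give them.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are passed as arguments.

# check_link ORIGINAL COPY_IN_CHROOT
# Prints ok, stale or missing; returns 0 only when both names are one file.
check_link() {
    orig=$1
    copy=$2
    if [ ! -e "$orig" ] || [ ! -e "$copy" ]; then
        echo missing
        return 2
    fi
    # -ef is true when both paths have the same device and inode numbers.
    if [ "$orig" -ef "$copy" ]; then
        echo ok
        return 0
    fi
    echo stale
    return 1
}

# Constructed demonstration in a scratch directory: plain files stand in for
# the socket, and rm followed by re-creation stands in for a daemon restart.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/mysql" "$d/www"
    : > "$d/mysql/mysql.sock"
    ln "$d/mysql/mysql.sock" "$d/www/mysql.sock"
    before=$(check_link "$d/mysql/mysql.sock" "$d/www/mysql.sock") || true
    # The old inode stays alive through the second name, so the re-created
    # file gets a different inode and the chroot copy no longer matches.
    rm "$d/mysql/mysql.sock"
    : > "$d/mysql/mysql.sock"
    after=$(check_link "$d/mysql/mysql.sock" "$d/www/mysql.sock") || true
    rm -rf "$d"
    echo "$before $after"
}

# Stand-alone use: sh check_link.sh ORIGINAL COPY_IN_CHROOT
if [ "$#" -eq 2 ]; then
    check_link "$1" "$2"
fi
```

The same call works for the extension file named in the post, comparing /usr/local/lib/php/modules/mysql.so with /var/www/usr/local/lib/php/modules/mysql.so.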