Re: apache in a chroot jail
- To: Eran Levy <eranle(at-nospam)netvision.net.il>
- Subject: Re: apache in a chroot jail
- From: Adi Stav <stav(at-nospam)actcom.co.il>
- Date: Thu, 8 Nov 2001 01:38:43 +0200
- Cc: linux-il(at-nospam)linux.org.il
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <5.0.2.1.0.20011107103956.009edb30@netvision.net.il>; from eranle@netvision.net.il on Wed, Nov 07, 2001 at 06:45:48PM +0200
- Mail-Followup-To: Eran Levy <eranle@netvision.net.il>,linux-il@linux.org.il
- References: <5.0.2.1.0.20011107103956.009edb30@netvision.net.il>
- Sender: Adi Stav <adi(at-nospam)stav.org.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
- User-Agent: Mutt/1.2.5i

On Wed, Nov 07, 2001 at 06:45:48PM +0200, Eran Levy wrote:
> Hi,
> I'm trying to run Apache in a chroot jail. I have done it once but now with
> no success.
> I have made all the directories (usr, lib, etc, var, home, etc.) and copied
> the files to /chroot/httpd and then deleted all the directories I copied to
> the chroot jail because I don't need them, I already have them in the chroot
> jail.
> I was reading all the HOWTOs regarding the apache chroot jail. I'm using RH
> so I was reading the RH documents regarding apache chroot too.
> After building the jail, I'm trying to run httpd with: chroot /chroot/httpd
> /usr/sbin/httpd
> and it gives error "Syntax error on line 65 of /etc/httpd/conf/httpd.conf:
> ServerRoot must be a valid directory"

Well, what does ServerRoot say? What directory does it point to
relative to the chroot?

> The problem is: httpd still uses the /etc/httpd/conf and not using
> /chroot/httpd/etc/httpd/conf files. I have changed the ServerRoot type in
> /chroot/httpd/etc/httpd/conf/httpd.conf to use /chroot/httpd/etc/httpd and
> httpd still uses its regular ServerRoot.
> The next thing I have tried was adding the -f option to the httpd command
> but it still gives the same results.

That sounds very strange. Once a process is in chroot, it CAN'T
access any files outside it, no matter what flags you give it,
including any httpd.conf file outside the chroot. That's not the
solution... If the chroot command succeeded, then ALL the files
Apache accesses are inside the chroot. Something inside there must
be wrong.

> I'm really confused. I have edited the conf files to not use the regular
> directory and use the chroot file structure and added the -f option to the
> httpd command. What more should I do? How can I make httpd take the
> configuration files from the chroot jail and not from the regular system?
> BTW: I have also tried to install apache from a tarball to /chroot/httpd
> but with no success when I type: chroot /chroot/httpd
> /chroot/httpd/usr/sbin/httpd

That can't work because once you're inside a "/chroot/httpd" chroot,
there is no "/chroot". Your "/" becomes "/chroot/httpd", so you should
run "/chroot/httpd /usr/sbin/httpd". Maybe you made the same mistake
with DocumentRoot too?

> I get: "Cannot execute /chroot/httpd/usr/sbin/httpd: No Such file or
> directory" and there is an executable file in this directory. I can only
> run the new httpd alone without the chroot command.
>
> What more should I do to get it working? Any ideas?
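
The path rule discussed in this thread can be checked before starting the server. The script below is an added example, not part of the original messages: it reads ServerRoot and DocumentRoot from the jailed httpd.conf and reports any value that still carries the jail prefix or does not exist under the jail. The function name check_jail_conf is hypothetical, the default config path is the one from the quoted error message, and absolute paths without spaces are assumed.

```shell
#!/bin/sh
# Added example: lint the path directives of a jailed httpd.conf.
# check_jail_conf JAIL [CONF]   (CONF is the path as seen from inside the jail)
check_jail_conf() {
    cj_jail=${1%/}
    cj_conf=${2:-/etc/httpd/conf/httpd.conf}
    cj_status=0
    if [ ! -f "$cj_jail$cj_conf" ]; then
        echo "MISSING $cj_jail$cj_conf"
        return 2
    fi
    # Collect "Directive value" pairs; commented-out lines do not match.
    cj_pairs=$(awk '$1 == "ServerRoot" || $1 == "DocumentRoot" {
        gsub(/"/, "", $2); print $1, $2 }' "$cj_jail$cj_conf")
    while read -r cj_name cj_value; do
        [ -n "$cj_name" ] || continue
        case $cj_value in
            "$cj_jail"|"$cj_jail"/*)
                # After "chroot JAIL" the JAIL prefix no longer exists.
                cj_fix=${cj_value#"$cj_jail"}
                echo "BAD $cj_name $cj_value: includes the jail prefix, use ${cj_fix:-/}"
                cj_status=1 ;;
            /*)
                if [ -d "$cj_jail$cj_value" ]; then
                    echo "OK $cj_name $cj_value"
                else
                    echo "BAD $cj_name $cj_value: no directory $cj_jail$cj_value"
                    cj_status=1
                fi ;;
            *)
                echo "SKIP $cj_name $cj_value: relative path, not checked" ;;
        esac
    done <<EOF
$cj_pairs
EOF
    return $cj_status
}

# Constructed sample jail reproducing the ServerRoot mistake from the thread.
demo=$(mktemp -d)
mkdir -p "$demo/etc/httpd/conf" "$demo/var/www/html"
printf 'ServerRoot "%s/etc/httpd"\nDocumentRoot "/var/www/html"\n' "$demo" \
    > "$demo/etc/httpd/conf/httpd.conf"
check_jail_conf "$demo" || echo "fix the BAD entries before running chroot"
rm -rf "$demo"
```

Run it from outside the jail as root or the jail's owner, for example `check_jail_conf /chroot/httpd`; a non-zero exit status means at least one directive will not resolve once "/" is the jail.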