Re: apache in a chroot jail
On Thu, Nov 08, 2001 at 09:15:25PM +0200, Eran Levy wrote:
> At 01:38 08/11/01 +0200, you wrote:
> >On Wed, Nov 07, 2001 at 06:45:48PM +0200, Eran Levy wrote:
[snip]
> > > After building the jail, I'm trying to run httpd with: chroot /chroot/httpd
> > > /usr/sbin/httpd
> > > and it gives error "Syntax error on line 65 of /etc/httpd/conf/httpd.conf:
> > > ServerRoot must be a valid directory"
> >
> >Well, what does ServerRoot say? What directory does it point to
> >relative to the chroot?
>
> It points to the /chroot/httpd/etc/httpd.
Then it's wrong, because all the files that a chrooted process knows
about are relative to its chroot. That is, if the ServerRoot looks from
outside the chroot as /chroot/httpd/etc/httpd, then from INSIDE the
chroot it should be accessed as /etc/httpd. You CHanged the ROOT :)
[snip]
> > > I'm really confused. I have edited the conf files to not use the regular
> > > directory and use the chroot file structure and added the -f option to the
> > > httpd command. What more should I do? How can I make httpd take the
> > > configuration files from the chroot jail and not from the regular system?
> > > BTW: I have also tried to install apache from a tarball to /chroot/httpd
> > > but with no success when I type: chroot /chroot/httpd
> > > /chroot/httpd/usr/sbin/httpd
> >
> >That can't work because once you're inside a "/chroot/httpd" chroot,
> >there is no "/chroot". Your "/" becomes "/chroot/httpd", so you should
> >run "/chroot/httpd /usr/sbin/httpd". Maybe you made the same mistake
> >with DocumentRoot too?
>
> Nope. I have tried it twice, once with the /sbin/sbin/httpd and second with
> the /chroot/httpd/usr/sbin/httpd. No success.
Make sure all the libraries httpd needs (find out with ldd httpd) are
available inside the chroot. On my system (Debian Potato with 2.2.20
vanilla) I get a "File not found" error on exec() if the process can't
find its /lib/ld-linux.so.2 library (with other libraries the exec()
succeeds and then the process quits with a regular shared libs error
message. Maybe Linux has a special arrangement to load this lib and
the other libs are loaded by the compiler's code... Is anyone familiar
with that?). Also make sure that the libs are in the places httpd
would expect to find them and don't forget that httpd has a different
root directory than you. Probably /chroot/httpd/lib and
/chroot/httpd/usr/lib.
> Thank you very much for your time. If you will have any new ideas, I will
> appreciate it if you will share them with me.
No problem. Chroot is a cool concept.
> > > I get: "Cannot execute /chroot/httpd/usr/sbin/httpd: No Such file or
> > > directory" and there is an executable file in this directory. I can only
> > > run the new httpd alone without the chroot command.
> > >
> > > What more should I do to get it working? Any ideas?
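
The library check suggested in the reply above, as an added example that is not part of the original thread: a shell function that reads `ldd` output and reports every path, the dynamic loader included, that does not exist under the jail directory. The function names and the sample `ldd` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ldd` output on stdin and prints
# each library path that is absent under the jail directory given as $1.
# Real use: ldd /chroot/httpd/usr/sbin/httpd | missing_in_jail /chroot/httpd
missing_in_jail() {
    jail=$1
    while read -r name arrow path _rest; do
        if [ "$arrow" = "=>" ]; then
            # "libx.so => not found": even the host cannot resolve this one
            if [ "$path" = "not" ]; then
                echo "UNRESOLVED $name"
                continue
            fi
        else
            # No "=>": the loader printed as a bare absolute path, or a virtual object
            path=$name
        fi
        case "$path" in
            /*) ;;            # a real file path, check it below
            *) continue ;;    # virtual objects (linux-gate, vdso) have no file
        esac
        # The chrooted process sees $jail as "/", so the file must be at $jail$path
        [ -e "$jail$path" ] || echo "MISSING $path"
    done
}

# Constructed sample in the format ldd prints (not output from the poster's system).
sample_ldd_output() {
    cat <<'EOF'
    libm.so.6 => /lib/libm.so.6 (0x4001c000)
    libc.so.6 => /lib/libc.so.6 (0x40116000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
EOF
}

# Demo: a scratch jail that contains libc but lacks libm and the loader.
demo() {
    scratch=$(mktemp -d)
    mkdir -p "$scratch/lib"
    : > "$scratch/lib/libc.so.6"
    sample_ldd_output | missing_in_jail "$scratch"
    rm -rf "$scratch"
}
demo
```

Each `MISSING` path has to be copied to the same location under the jail root, for example `/lib/ld-linux.so.2` to `/chroot/httpd/lib/ld-linux.so.2`.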