Re: apache in a chroot jail
- To: Adi Stav <stav(at-nospam)actcom.co.il>
- Subject: Re: apache in a chroot jail
- From: Eran Levy <eranle(at-nospam)netvision.net.il>
- Date: Thu, 08 Nov 2001 21:15:25 +0200
- Cc: linux-il(at-nospam)linux.org.il
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-reply-to: <20011108013843.D2093@wilma.stav>
- References: <"from eranle"@netvision.net.il><5.0.2.1.0.20011107103956.009edb30@netvision.net.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
At 01:38 08/11/01 +0200, you wrote:
>On Wed, Nov 07, 2001 at 06:45:48PM +0200, Eran Levy wrote:
> > Hi,
> > I'm trying to run Apache in a chroot jail. I have done it once but now with
> > no success.
> > I have made all the directories (usr, lib, etc, var, home, etc.) and copied
> > the files to /chroot/httpd and then deleted all the directories I copied to
> > the chroot jail because I don't need them, I already have them in the chroot
> > jail.
> > I was reading all the HOWTOs regarding apache chroot jail. I'm using RH
> > so I was reading RH documents that regard apache chroot too.
> > After building the jail, I'm trying to run httpd with: chroot /chroot/httpd
> > /usr/sbin/httpd
> > and it gives error "Syntax error on line 65 of /etc/httpd/conf/httpd.conf:
> > ServerRoot must be a valid directory"
>
>Well, what does ServerRoot say? What directory does it point to
>relative to the chroot?
It points to the /chroot/httpd/etc/httpd.
> > The problem is: httpd still uses the /etc/httpd/conf and not using
> > /chroot/httpd/etc/httpd/conf files. I have changed the ServerRoot type in
> > /chroot/httpd/etc/httpd/conf/httpd.conf to use /chroot/httpd/etc/httpd and
> > httpd still uses its regular ServerRoot.
> > The next thing I have tried was adding the -f option to the httpd command
> > but it still gives the same results.
>
>That sounds very strange. Once a process is in chroot, it CAN'T
>access any files outside it, no matter what flags you give it,
>including any httpd.conf file outside the chroot. That's not the
>solution... If the chroot command succeeded, then ALL the files
>Apache accesses are inside the chroot. Something inside there must
>be wrong.
Yes, that's what I think but I really don't know what's wrong. Because the
error it gives me tells nothing.
> > I'm really confused. I have edited the conf files to not use the regular
> > directory and use the chroot file structure and added the -f option to the
> > httpd command. What more should I do? How can I make httpd take the
> > configuration files from the chroot jail and not from the regular system?
> > BTW: I have also tried to install apache from a tarball to /chroot/httpd
> > but with no success when I type: chroot /chroot/httpd
> > /chroot/httpd/usr/sbin/httpd
>
>That can't work because once you're inside a "/chroot/httpd" chroot,
>there is no "/chroot". Your "/" becomes "/chroot/httpd", so you should
>run "/chroot/httpd /usr/sbin/httpd". Maybe you made the same mistake
>with DocumentRoot too?
Nope. I have tried it twice, once with the /sbin/sbin/httpd and second with
the /chroot/httpd/usr/sbin/httpd. No success.
Thank you very much for your time. If you will have any new ideas, I will
appreciate it if you will share them with me.
> > I get: "Cannot execute /chroot/httpd/usr/sbin/httpd: No Such file or
> > directory" and there is an executable file in this directory. I can only
> > run the new httpd alone without the chroot command.
> >
> > What more should I do to get it working? Any ideas?
--
Best Regards,
Eran Levy.
"This is Linux country. If you listen carefully, you can hear Windows
reboot..."
WebSite: http://levy.dyn.dhs.org
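
The path-resolution point raised in the replies above, as an added example that is not part of the original message: a host-side check that a path used inside the jail (the ServerRoot value, or the command handed to chroot) exists under the jail and does not repeat the /chroot/httpd prefix. The function names, exit codes and the sample jail builder are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. After chroot(JAIL) the process resolves
# every path under JAIL, so a path used inside the jail must not repeat the
# host-side prefix. All paths below are constructed sample values.

# jail_path_status JAIL PATH -> 0 exists in jail, 1 missing, 2 has jail prefix
jail_path_status() {
    jail=${1%/}; path=$2
    case "$path" in
        "$jail"|"$jail"/*)
            inner=${path#"$jail"}
            echo "$path repeats the jail prefix; inside the jail use ${inner:-/}"
            return 2 ;;
    esac
    if [ ! -e "$jail$path" ]; then
        echo "$path is missing inside the jail (host view: $jail$path)"
        return 1
    fi
    echo "$path resolves to $jail$path on the host"
}

# server_root CONF -> value of the last uncommented ServerRoot directive
server_root() {
    sed -n 's/^[[:space:]]*ServerRoot[[:space:]]\{1,\}"\{0,1\}\([^"[:space:]]*\)"\{0,1\}.*/\1/p' "$1" | tail -n 1
}

# check_serverroot JAIL [CONF]; CONF is given as the jailed process sees it
check_serverroot() {
    jail=${1%/}; conf=${2:-/etc/httpd/conf/httpd.conf}
    [ -f "$jail$conf" ] || { echo "no $conf inside the jail"; return 3; }
    root=$(server_root "$jail$conf")
    [ -n "$root" ] || { echo "no ServerRoot directive in $conf"; return 3; }
    jail_path_status "$jail" "$root"
}

# make_sample_jail DIR SERVERROOT: build a constructed jail skeleton for testing
make_sample_jail() {
    mkdir -p "$1/etc/httpd/conf" "$1/usr/sbin"
    : > "$1/usr/sbin/httpd"
    printf '# constructed sample\nServerRoot "%s"\n' "$2" > "$1/etc/httpd/conf/httpd.conf"
}

if [ $# -ge 1 ]; then check_serverroot "$@"; fi
```

A status of 0 only shows that the path exists under the jail; it does not check that the binary's shared libraries and loader were copied into the jail as well.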