Apache mod chroot

Allikas: Kuutõrvaja
Redaktsioon seisuga 25. oktoober 2007, kell 12:16 kasutajalt Jj (arutelu | kaastöö) (New page: ===Sissejuhatus=== chroot(2) changes the root directory of a process to a directory other than "/". It means the process is locked inside a virtual filesystem root. If you configure your ...)
(erin) ←Vanem redaktsioon | Viimane redaktsiooni (erin) | Uuem redaktsioon→ (erin)

Sissejuhatus

chroot(2) changes the root directory of a process to a directory other than "/". It means the process is locked inside a virtual filesystem root. If you configure your chroot jail properly, Apache and its child processes (think CGI scripts) won't be able to access anything except the jail.

There are many documents about running programs inside a chroot jail. Some daemons (tinydns, dnscache, vsftpd) support it out of the box. For others (like Apache) you need to carefully build a "virtual root", containing every file the program may need. Creating this structure is great fun. Run the program, read the error message, copy the missing file, start over. Now think about upgrading - you have to keep your "virtual root" current - if there is a bug in libssl, you need to put a new version in two places. Scared enough? Read on.

mod_chroot allows you to run Apache in a chroot jail with no additional files. The chroot() system call is performed at the end of startup procedure - when all libraries are loaded and log files open.

Install

Testimine

Lingid

http://core.segfault.pl/~hobbit/mod_chroot/

Pärit leheküljelt "https://kuutorvaja.eenet.ee/w/index.php?title=Apache_mod_chroot&oldid=5392"