httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "--[ UxBoD ]--" <ux...@splatnix.net>
Subject Re: [users@httpd] Chroot a virtual host
Date Fri, 13 May 2011 08:09:53 GMT
----- Original Message -----
> Hi,
> Some times ago I played with exaclty your configuration.
> 
> If you strace the httpd process you can see that it's searching some
> files under /usr/share related to date and time.
> Here an extract of my chroot with files Icopied under my chroot
> 
> /chroot/usr/share/zoneinfo/Europe/Rome
> /chroot/usr/share/zoneinfo/zone.tab
> 
> Hope this helps.
> Marco
> 
> On Fri, May 13, 2011 at 9:35 AM, --[ UxBoD ]-- <uxbod@splatnix.net>
> wrote:
> > ----- Original Message -----
> >> Hello,
> >>
> >> On 20.04.11 00:47, --[ UxBoD ]-- wrote:
> >> > I have noticed that when running Joomla, or in-fact any browsing
> >> > capable
> >> > PHP code, I am able to navigate above my virtual host document
> >> > root
> >> > and
> >> > look at other virtual host files.
> >> >
> >> > How would one stop this ? I have taken a look at mod_chroot but
> >> > that does
> >> > not seem to work as ChrootDir can only be used in the main
> >> > configuration
> >> > and not in the VirtualHost directive.
> >>
> >> just a 1.5 months ago this question was asked and (imho) answered.
> >> Usually the PHP scripts are run under the same user apache runs
> >> as,
> >> so they
> >> have the same permissions.
> >>
> >> You can limit files which can a PHP script access by using PHP
> >> directives
> >> open_basedir and doc_root.
> >>
> >> You can run peruses MPM wich apathe 2.2.
> >>
> >> You can also run PHP as CGI using suexec, but that's a bit
> >> ineffective.
> >> I don't know how does FastCGI work.
> >>
> >
> > I managed to get Joomla working, kind of, in an Apache 2.2 chroot
> > but then I hit a problem with JDate not working so I raised
> > http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=25870
> >
> > I have now switched to trying to get SuExec and FCGI working but
> > hitting an issue with:
> >
> > [Fri May 13 08:29:29 2011] [warn] [client XXXXXXXXXXXX]
> > (104)Connection reset by peer: mod_fcgid: error reading data from
> > FastCGI server
> > [Fri May 13 08:29:29 2011] [error] [client XXXXXXXXXXX] Premature
> > end of script headers: test.php
> >
> > Though will post this as a separate thread.

Hi Marco,

I shall certainly give that a try :) I am debating which is going to be the easier to support
long term; chroot or SuExec&FCGI and which will offer the greater degree of security.
-- 
Thanks, Phil

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message