OT:chroot on a webserver? and hlfs roadmap. Security beginner's question.
jan.mattila at helsinki.fi
Sun Oct 10 13:56:40 PDT 2004
Quoting "R.Welz" <linuxprodukte at gmx.de>:
> Besides, does somebody know the answer to my chroot questions?
> It would save some time if I knew which service works with
> chroot and which not.
>>- chroot Apache2,
>>- same with OpenSSH, sftp,
>>- what about PHP and Perl?
>>- e-mail server ( I'm not quite shure which one yet, since I
>> never set up an email server before, probably sendmail)
Apache2 with PHP and MySQL work in a chroot jail. Artur Maj
has written an article series about securing them. You can
find them at:
I haven't tried the jailing rest, but anything should work
inside a jail as long as all the needed files exist inside
I think the question is more in how to get them to work in
the jail. For this you might have to dig into some tedious
ldd, strace, other tracing of linked files and you name it.
I did this last year, when Artur had only written a guide
for Apache 1.3 and I wanted to go ahead with Apache2. It
took a number of hours to get the thing done and so I wrote
a howto, but now that Artur finally got his version out,
I'd recommend that over mine. If you want a peek, you can
find my Chrooting Apache2 howto at:
Jan Mattila <jan.mattila at helsinki.fi>
"Finland, Finland, Finland, Finland has it all."
- Michael Palin
More information about the hlfs-dev