OT:chroot on a webserver? and hlfs roadmap. Security beginner's question.

Jan Mattila jan.mattila at helsinki.fi
Sun Oct 10 13:56:40 PDT 2004


Quoting "R.Welz" <linuxprodukte at gmx.de>:

> Besides, does somebody know the answer to my chroot questions? 
> It would save some time if I knew which service works with 
> chroot and which not. 
>
>>- chroot Apache2,
>>- same with OpenSSH, sftp,
>>- what about PHP and Perl?
>>- e-mail server ( I'm not quite shure which one yet, since I 
>>  never set up an email server before, probably sendmail)
>>- Bind9

Apache2 with PHP and MySQL work in a chroot jail. Artur Maj
has written an article series about securing them. You can 
find them at:

http://www.securityfocus.com/infocus/1786 (Apache2)
http://www.securityfocus.com/infocus/1726 (MySQL)
http://www.securityfocus.com/infocus/1706 (PHP)


I haven't tried the jailing rest, but anything should work 
inside a jail as long as all the needed files exist inside
that jail. 

I think the question is more in how to get them to work in 
the jail. For this you might have to dig into some tedious 
ldd, strace, other tracing of linked files and you name it. 
I did this last year, when Artur had only written a guide 
for Apache 1.3 and I wanted to go ahead with Apache2. It 
took a number of hours to get the thing done and so I wrote 
a howto, but now that Artur finally got his version out, 
I'd recommend that over mine. If you want a peek, you can 
find my Chrooting Apache2 howto at:

http://cs.helsinki.fi/u/janmatti/chrootapache2-howto.html


PaX.
-- 

 Jan Mattila <jan.mattila at helsinki.fi>

 "Finland, Finland, Finland, Finland has it all."
                             - Michael Palin



More information about the hlfs-dev mailing list