[Fwd: Chroot httpd problem]
Rick Stevens
rstevens at vitalstream.com
Tue Mar 8 01:58:33 UTC 2005
calvin at dslextreme.com wrote:
> I am trying to chroot my httpd and so far has not been successful getting
> the error below when I run it in chroot. I have FC3 and installed httpd,
> mysql during installation. I did lsof -p to find out all the files that
> httpd needed and copied them over the chroot directory. I changed
> user/group to the user/group I want it to run as. The file it is looking
> for are both in the original location and the chroot directory. I followed
> instruction in chrooting httpd from links I found on google.
>
> Mar 6 02:37:07 www chroot: Syntax error on line 6 of
> /etc/httpd/conf.d/auth_mysql.conf:
> Mar 6 02:37:07 www chroot: Cannot load
> /etc/httpd/modules/mod_auth_mysql.so into server: libmysqlclient.so.10:
> cannot open shared object file: No such file or directory
>
>
> Anyone have any idea how I could resolve this problem. I even updated my
> apache to 2.0.52 hoping it might fix it but still get the same error.
Once you chroot to a specific directory, anything above it in the normal
directory tree is unavailable. That's what "chroot" means..."change
the filesystem root for this process". If you have a process "chroot"
to, say /usr/local/apache/htdocs, from that point on the process uses
that directory as "/". You can't go above it. You won't have access to
/usr/lib or /lib or any of that since they're above your "root".
The only way to make it work is to create /usr/local/apache/htdocs/lib
and /usr/local/apache/htdocs/usr/lib and copy the files you need to
those directories. Then when you chroot to /usr/local/apache/htdocs,
you'll have a "/lib" and "/usr/lib" available to you. This is called
"being in a chroot jail". It's a big security enhancement, but to make
it all work, you have to understand just what you're doing.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- A day for firm decisions!!! Well, then again, maybe not! -
----------------------------------------------------------------------
More information about the fedora-list
mailing list