[Fwd: Chroot httpd problem]
calvin at dslextreme.com
calvin at dslextreme.com
Tue Mar 8 04:16:30 UTC 2005
These files are in the chroot directory meaning:
/chroot/www/etc/httpd/conf.d/auth_mysql.conf
/chroot/www/etc/httpd/modules/mod_auth_mysql.so
/chroot/www/usr/lib/mysql/libmysqlclient.so.10
Why does it complain that it wan not there ? Any idea ?
Rick Stevens
> calvin at dslextreme.com wrote:
>> I am trying to chroot my httpd and so far has not been successful
>> getting
>> the error below when I run it in chroot. I have FC3 and installed httpd,
>> mysql during installation. I did lsof -p to find out all the files that
>> httpd needed and copied them over the chroot directory. I changed
>> user/group to the user/group I want it to run as. The file it is looking
>> for are both in the original location and the chroot directory. I
>> followed
>> instruction in chrooting httpd from links I found on google.
>>
>> Mar 6 02:37:07 www chroot: Syntax error on line 6 of
>> /etc/httpd/conf.d/auth_mysql.conf:
>> Mar 6 02:37:07 www chroot: Cannot load
>> /etc/httpd/modules/mod_auth_mysql.so into server: libmysqlclient.so.10:
>> cannot open shared object file: No such file or directory
>>
>>
>> Anyone have any idea how I could resolve this problem. I even updated my
>> apache to 2.0.52 hoping it might fix it but still get the same error.
>
> Once you chroot to a specific directory, anything above it in the normal
> directory tree is unavailable. That's what "chroot" means..."change
> the filesystem root for this process". If you have a process "chroot"
> to, say /usr/local/apache/htdocs, from that point on the process uses
> that directory as "/". You can't go above it. You won't have access to
> /usr/lib or /lib or any of that since they're above your "root".
>
> The only way to make it work is to create /usr/local/apache/htdocs/lib
> and /usr/local/apache/htdocs/usr/lib and copy the files you need to
> those directories. Then when you chroot to /usr/local/apache/htdocs,
> you'll have a "/lib" and "/usr/lib" available to you. This is called
> "being in a chroot jail". It's a big security enhancement, but to make
> it all work, you have to understand just what you're doing.
> ----------------------------------------------------------------------
> - Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
> - VitalStream, Inc. http://www.vitalstream.com -
> - -
> - A day for firm decisions!!! Well, then again, maybe not! -
> ----------------------------------------------------------------------
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
More information about the fedora-list
mailing list