Talk:Apache chroot: the mod security way
From Gentoo Linux Wiki
KR-data's checks
Unfortunately I don't have the time to continue the editing, but this should give a good start, if someone would please continue and make this good initiative into an even better guide.
Thanks, KR-data
Marco's answer
Thank you for your checks. Now this work is similar to a real howto ...
Marco
Note on comments
Please don't insert comments in the article. If you find something wrong, correct it, and, if you like, put a comment in the discussion.
This is a wiki, not a forum.
Comments about file /etc/init.d/mysql/
Note, I haven't tested this myself yet, but it should work.
dams - I have tested it, you forgot /apache/, now it works :)
BugMaker - vpopmail may give errors with these settings.
Like "Error - no authentication database connection. Initial open." or "-ERR Can't open authentication database.".
So I changed /var/run/mysql to /var/run/mysqld and it works for me.
Wikify
The Index section should be removed and the standard auto-generated wiki __TOC__ be used instead. --AnMaster 12:08, 16 February 2007 (UTC)
> Done. Now I've discovered the __TOC__ command :) .
Moving httpd.conf file is not needed
I think it is not necessary to move the httpd.conf file. In my configuration, I don't have it. Anyway, it may be better to avoid making significant changes without a user identity.
Re: 'copy over some essential libs'
Is copying the libraries a good idea? Would it be better to hardlink them instead, in case the library versions change?
Something like:
# ln /lib/libnss_compat.so.2 /wwwjail/lib ...
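The copy-versus-hard-link question above can be checked directly. The following is an added example, not part of the original comment or of the wiki guide: it reports whether each library in a jail is still hard-linked to, identical to, or out of date against the system copy. The function name `jail_lib_drift`, the temporary paths and `libdemo.so.1` are hypothetical, and the demo assumes an upgrade replaces a library by renaming a new file over it, which gives it a new inode.

```shell
#!/bin/sh
# Added example (not from the wiki page): detect jail libraries that have
# drifted from the system copies. All paths and files here are constructed.

# Print one status line per library in JAIL/lib, compared with SYSROOT/lib.
# Returns 1 if any library is STALE or ORPHAN, 0 otherwise.
jail_lib_drift() {
    jail=$1 sysroot=$2 drift=0
    for f in "$jail"/lib/*.so*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        sys=$sysroot/lib/$name
        if [ ! -f "$sys" ]; then
            echo "ORPHAN $name"; drift=1   # system no longer ships it
        elif [ "$f" -ef "$sys" ]; then
            echo "LINKED $name"            # same inode: hard link intact
        elif cmp -s "$f" "$sys"; then
            echo "COPY $name"              # separate file, same bytes
        else
            echo "STALE $name"; drift=1    # jail still holds an old version
        fi
    done
    return $drift
}

# Build a constructed tree with one hard-linked and one copied library, then
# simulate an upgrade that replaces the system files via rename (new inode).
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/sys/lib" "$d/jail/lib"
    echo v1 > "$d/sys/lib/libnss_compat.so.2"
    echo v1 > "$d/sys/lib/libdemo.so.1"    # hypothetical library name
    ln "$d/sys/lib/libnss_compat.so.2" "$d/jail/lib/"
    cp "$d/sys/lib/libdemo.so.1" "$d/jail/lib/"
    echo "before upgrade:"; jail_lib_drift "$d/jail" "$d/sys" || true
    for n in libnss_compat.so.2 libdemo.so.1; do
        echo v2 > "$d/sys/lib/$n.new" && mv "$d/sys/lib/$n.new" "$d/sys/lib/$n"
    done
    result=0
    echo "after upgrade:"; jail_lib_drift "$d/jail" "$d/sys" || result=$?
    rm -rf "$d"
    return $result
}

demo || echo "jail libraries need refreshing"
```

In the demo both the hard-linked and the copied library end up STALE after the simulated upgrade, since the jail entry keeps pointing at the old inode. Hard links also require the jail and /lib to be on the same filesystem.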
Resolve pid error
I have an error:
[error] (2)No such file or directory: could not create /var/www/jail/var/run/apache2.pid
[error]apache2: could not log pid to file /var/www/jail/var/run/apache2.pid
Resolution: don't change /etc/apache2/modules.d/00_mpm.conf. Do not change the location of the Apache pid and Apache lock file.
In Apache 2 some of the initialization happens after the last module initializes. This causes problems if you attempt to create a jail in which the logs directory stays outside jail. The solution is to create another logs directory inside jail, which will be used to store the files Apache 2 needs (e.g., the pid file). Many of the modules that create temporary files have configuration directives that change the paths to those files, so you can use those directives to have temporary files created somewhere else (but still within the jail).
