topic Re: 'chroot'ing an apache environment. in Operating System - HP-UX

'chroot'ing an apache environment.

Daniel Hart — Tue, 20 Nov 2001 11:37:39 GMT

hpux11.
Have installed apache 1.3.13 - into default /opt/apache - all appears ok.
Would like to 'chroot' the apache install into /web/chroot.
Have created the relevant structure. copied all the /opt/apache files into /web/chroot/opt/apache. But when attempting to start it witt #chroot /web/chroot /opt/apache/bin/apachectl start I get the following error:- httpd: bad user www
I am starting it from root login (the same as I do from the non chroot environment). Is there a file missing that allows apache to spawn the processess as www but is currently unable to under a chroot?
Please help me!!
Dan.

Re: 'chroot'ing an apache environment.

Steven Gillard_2 — Tue, 20 Nov 2001 11:45:11 GMT

I think you'll need a 'cut-down' version of your passwd file, at least containing the www user entry, in /web/chroot/etc.

Cheers,
Steve

Re: 'chroot'ing an apache environment.

Daniel Hart — Tue, 20 Nov 2001 12:03:19 GMT

I've got a /web/chroot/etc/passwd file (I actually copied the original one in it's entirity). The permissions seem ok to.

Re: 'chroot'ing an apache environment.

Steven Gillard_2 — Tue, 20 Nov 2001 12:36:32 GMT

You'll probably also need /etc/nsswitch.conf, and the shared libraries that make this work -/usr/lib/libnss_files.1 and /usr/lib/libnss_nis.1.

Regards,
Steve

Re: 'chroot'ing an apache environment.

harry d brown jr — Tue, 20 Nov 2001 12:39:21 GMT

Do you have a www user in /etc/passwd?

live free or die
harry

Re: 'chroot'ing an apache environment.

Daniel Hart — Tue, 20 Nov 2001 13:12:45 GMT

There is a www user in /web/chroot/etc/passwd - it's the same file as the /etc/passwd file - I just copied it over - and apache runs ok from it's original installation , (opt/apache - outside the chroot.

Re: 'chroot'ing an apache environment.

Daniel Hart — Tue, 20 Nov 2001 13:46:59 GMT

I don't have an /etc/nsswitch.conf file.
As Apache appears to run ok from it's initial non chrooted location (/opt/apache), surely the problem must be that I need to move a particular file into the chrooted environment?

Re: 'chroot'ing an apache environment.

Steven Gillard_2 — Tue, 20 Nov 2001 14:11:05 GMT

Yes, any file required by Apache to run will need to be available under the chroot'd location. If you don't have /etc/nsswitch.conf thats ok because the default switch policy will be used.

I've never done this with Apache, so the following is not a definitive list, but these are the files that I would think are necessary. If any aren't copied over then I wouldn't expect Apache to work.

Shared libraries (copy to {chroot}/usr/lib):
libc.2, libm.2, libpthread.1, libdld.2, dld.sl, libnss_files.1, libnss_nis.1, libnss_dns.1

Files from /etc:
passwd, group, nsswitch.conf, hosts, resolv.conf

Any common utility called by Apache's scripts (copy to {chroot}/usr/bin):
sh, cat ... (I'm sure there are others)

Before running apache I would also change the shared library binding of the httpd program to 'immediate'. This will cause httpd to fail on startup if there are any more missing libraries & symbols. Do this with the chatr command:

# chatr -B immediate httpd

Once you know if works you can change it back with:

# chatr -B deferred httpd

Cheers,
Steve

Re: 'chroot'ing an apache environment.

Daniel Hart — Tue, 20 Nov 2001 16:00:53 GMT

Thanks a lot everyone (particulary Steven).
Once I'd copied libnss_files.1, libnss_nis.1 & libnss_dns.1 all was ok. I would think that, judging by the filenames, the library I required was libnss_files.1 as I don't use NIS or DNS.
Again, many thanks.
Dan.