HPE Community
Operating System - HP-UX
1819803 Members
3035 Online
109607 Solutions
New Discussion юеВ

'chroot'ing an apache environment.

 
SOLVED
Go to solution
Daniel Hart
Occasional Advisor

тАО11-20-2001 03:37 AM

тАО11-20-2001 03:37 AM

'chroot'ing an apache environment.

hpux11.
Have installed apache 1.3.13 - into default /opt/apache - all appears ok.
Would like to 'chroot' the apache install into /web/chroot.
Have created the relevant structure. copied all the /opt/apache files into /web/chroot/opt/apache. But when attempting to start it witt #chroot /web/chroot /opt/apache/bin/apachectl start I get the following error:- httpd: bad user www
I am starting it from root login (the same as I do from the non chroot environment). Is there a file missing that allows apache to spawn the processess as www but is currently unable to under a chroot?
Please help me!!
Dan.
0 Kudos
Reply
8 REPLIES 8
Steven Gillard_2
Honored Contributor

тАО11-20-2001 03:45 AM

тАО11-20-2001 03:45 AM

Re: 'chroot'ing an apache environment.

I think you'll need a 'cut-down' version of your passwd file, at least containing the www user entry, in /web/chroot/etc.

Cheers,
Steve
0 Kudos
Reply
Daniel Hart
Occasional Advisor

тАО11-20-2001 04:03 AM

тАО11-20-2001 04:03 AM

Re: 'chroot'ing an apache environment.

I've got a /web/chroot/etc/passwd file (I actually copied the original one in it's entirity). The permissions seem ok to.
0 Kudos
Reply
Steven Gillard_2
Honored Contributor

тАО11-20-2001 04:36 AM

тАО11-20-2001 04:36 AM

Re: 'chroot'ing an apache environment.

You'll probably also need /etc/nsswitch.conf, and the shared libraries that make this work -/usr/lib/libnss_files.1 and /usr/lib/libnss_nis.1.

Regards,
Steve

0 Kudos
Reply
harry d brown jr
Honored Contributor

тАО11-20-2001 04:39 AM

тАО11-20-2001 04:39 AM

Re: 'chroot'ing an apache environment.

Do you have a www user in /etc/passwd?

live free or die
harry
Live Free or Die
0 Kudos
Reply
Daniel Hart
Occasional Advisor

тАО11-20-2001 05:12 AM

тАО11-20-2001 05:12 AM

Re: 'chroot'ing an apache environment.

There is a www user in /web/chroot/etc/passwd - it's the same file as the /etc/passwd file - I just copied it over - and apache runs ok from it's original installation , (opt/apache - outside the chroot.
0 Kudos
Reply
Daniel Hart
Occasional Advisor

тАО11-20-2001 05:46 AM

тАО11-20-2001 05:46 AM

Re: 'chroot'ing an apache environment.

I don't have an /etc/nsswitch.conf file.
As Apache appears to run ok from it's initial non chrooted location (/opt/apache), surely the problem must be that I need to move a particular file into the chrooted environment?
0 Kudos
Reply
Steven Gillard_2
Honored Contributor

тАО11-20-2001 06:11 AM

тАО11-20-2001 06:11 AM

Solution

Re: 'chroot'ing an apache environment.

Yes, any file required by Apache to run will need to be available under the chroot'd location. If you don't have /etc/nsswitch.conf thats ok because the default switch policy will be used.

I've never done this with Apache, so the following is not a definitive list, but these are the files that I would think are necessary. If any aren't copied over then I wouldn't expect Apache to work.

Shared libraries (copy to {chroot}/usr/lib):
libc.2, libm.2, libpthread.1, libdld.2, dld.sl, libnss_files.1, libnss_nis.1, libnss_dns.1

Files from /etc:
passwd, group, nsswitch.conf, hosts, resolv.conf

Any common utility called by Apache's scripts (copy to {chroot}/usr/bin):
sh, cat ... (I'm sure there are others)

Before running apache I would also change the shared library binding of the httpd program to 'immediate'. This will cause httpd to fail on startup if there are any more missing libraries & symbols. Do this with the chatr command:

# chatr -B immediate httpd

Once you know if works you can change it back with:

# chatr -B deferred httpd

Cheers,
Steve
Reply
Daniel Hart
Occasional Advisor

тАО11-20-2001 08:00 AM

тАО11-20-2001 08:00 AM

Re: 'chroot'ing an apache environment.

Thanks a lot everyone (particulary Steven).
Once I'd copied libnss_files.1, libnss_nis.1 & libnss_dns.1 all was ok. I would think that, judging by the filenames, the library I required was libnss_files.1 as I don't use NIS or DNS.
Again, many thanks.
Dan.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.