[mod-security-users] Re: Re2: SecChrootDir and httpd.conf
From: Ivan R. <iv...@we...> - 2003-09-21 15:59:17
>> [notice] SIGHUP received. Attempting to restart
>> [notice] mod_security: sec_init called, getppid()=1
>> [notice] mod_security: performed chroot, path=/disk2
>> [error] (2)No such file or directory: could not create /tmp/httpd.pid
>> [error] httpd: could not log pid to file /tmp/httpd.pid
>
> getppid() returns 1 => chroot gets called => apache dies :(

I don't have root access to a Solaris box but I think
I figured out what happens because it is the same on my
Linux development server.

There are two things you need to do:

1) The path in jail must be the same as the path outside
the jail. Let's assume you keep Apache at
/usr/local/apache
then the chroot must be
/chroot/usr/local/apache

2) Inside the jail, the logs folder must exist, so you
need to have
/chroot/usr/local/apache/logs

I didn't notice this because I already had my jail
configured as above. Does this work for you? If it does I will
address this issue in the documentation for the upcoming v1.7
release (scheduled for a week from now).

BTW, standard apachectl stop and restart won't work on a
chrooted server as the script can't find the pid file. Stopping
the server is easy, I'll probably write a script for that in
the future. Restart could be easy, too, but only provided you
keep the configuration files in jail, as the chrooted copy of
the server must re-read them.

The requirement above (the same folder structure and a place
to create the pid file) does not exist in Apache1 as there
the apachectl script creates the pidfile.

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
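
The two requirements in the message above (jail mirrors the server path, and the logs and pid-file directories exist inside it) can be checked before a restart. The script below is an added example, not part of the original message or of ModSecurity; the function name check_jail and the demo paths are assumptions chosen to match the log excerpt.

```shell
#!/bin/sh
# Added example: pre-flight check of a chroot jail layout for Apache.
# check_jail JAIL SERVERROOT PIDFILE
#   JAIL       directory that will be passed to SecChrootDir
#   SERVERROOT Apache ServerRoot as seen outside the jail
#   PIDFILE    PidFile value (absolute, or relative to ServerRoot)
# Prints every directory missing inside the jail and returns how many.
check_jail() {
    cj_jail=${1%/}; cj_root=$2; cj_pid=$3
    cj_missing=0
    case $cj_pid in
        /*) ;;                              # absolute path, use as given
        *)  cj_pid=$cj_root/$cj_pid ;;      # relative to ServerRoot
    esac
    cj_piddir=$(dirname "$cj_pid")
    # Do not report the logs directory twice when it also holds the pid file.
    if [ "$cj_piddir" = "$cj_root/logs" ]; then cj_piddir=; fi
    for cj_dir in "$cj_root" "$cj_root/logs" "$cj_piddir"; do
        [ -n "$cj_dir" ] || continue
        # After chroot(JAIL), the server opens $cj_dir as JAIL$cj_dir.
        if [ ! -d "$cj_jail$cj_dir" ]; then
            echo "missing in jail: $cj_jail$cj_dir"
            cj_missing=$((cj_missing + 1))
        fi
    done
    return "$cj_missing"
}

# Constructed demo: a throwaway jail that mirrors /usr/local/apache but has
# no logs directory and no /tmp, the situation behind the
# "could not create /tmp/httpd.pid" error quoted above.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/usr/local/apache"
    n=0; check_jail "$d" /usr/local/apache /tmp/httpd.pid || n=$?
    echo "before fix: $n missing"
    mkdir -p "$d/usr/local/apache/logs" "$d/tmp"
    n=0; check_jail "$d" /usr/local/apache /tmp/httpd.pid || n=$?
    echo "after fix: $n missing"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument demo to see the before and after output, or source it and call check_jail with your own SecChrootDir, ServerRoot and PidFile values.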