[mod-security-users] SecChrootDir - RH 8.0, Apache 2.0.40, and PHP 4.2.2
From: L. C. L. <CL...@Xy...> - 2004-01-16 18:15:35
I've never tried a chroot() operation before, so go easy on me.

My Apache configuration (Red Hat 8.0 distribution) is as follows:

* binary: /usr/sbin/httpd
* configuration: /etc/httpd /etc/httpd/conf /etc/httpd/conf.d
* logs: /etc/httpd/logs (which is symlinked to ../../var/log/httpd)
* modules: /etc/httpd/modules (which is symlinked to ../../usr/lib/httpd/modules)
* run: /etc/httpd/run (which is symlinked to ../../var/run)
* www: /var/www /var/www/html /var/www/cgi-bin /var/www/error /var/www/icons

The /etc/httpd/conf/httpd.conf file specifies the following:

* ServerRoot: /etc/httpd
* PidFile: run/httpd.pid
* DocumentRoot: /var/www/html
* ErrorLog: logs/error_log
* CustomLog: logs/access_log
* And various Alias and Directory directives pointing to the subdirectories in /var/www.

So, how do I SecChrootDir this mess? Should I simply move the entire /var/www to /chroot/var/www, and also create /chroot/var/run and /chroot/var/log/httpd directories? Will the symlinks to the /var/log/httpd and /var/run folders mess things up? And finally (I hope), what about the various scripts (e.g., /etc/rc.d/init.d/httpd) and logrotate configuration (/etc/logrotate.d/httpd) files?

I should also note that this particular web site used PHP and MySQL access through PHP extensively. Will the forked httpd processes still be able to access PHP? In Red Hat 8.0 PHP (4.2.2) is handled through Apache (2.0.40) input/output filters -- the mod_security way of configuring for PHP (i.e., AddHandler application/x-httpd-php .php) doesn't seem to work with this particular match-up of Apache and PHP.

I know that this is a rather bloated message; all assistance would be greatly appreciated.

TIA!

Sincerely,

L. Christopher Luther
Technical Consultant
Xybernaut Solutions, Inc.
(703) 654-3642
cl...@xy...
http://www.xybernautsolutions.com
PGP Public KeyID: 0x21261B88

CONFIDENTIALITY NOTE: This communication contains information that is confidential and/or legally privileged. This information is intended only for the use of the individual or entity named on this communication. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, printing or other use of, or any action in reliance on, the contents of this communication is strictly prohibited. If you receive this communication in error, please immediately notify us by telephone at (703) 631-6925.

Unsolicited commercial e-mail will automatically be reported to the appropriate abuse@ - without exception.