Re: [mod-security-users] Chroot and pid file
From: David F. <Da...@me...> - 2004-05-16 20:19:12
Hi Mark,

Thanks for your reply. What version of mod_security are you using? The chroot stuff has been revised significantly in the development version.

I was referring to the pdf version of the manual for the development version 1.8dev2. It states that:

'If you choose to put the Apache binary and the supporting files outside of jail, you won't be able to use the "apachectl graceful" and "apachectl restart" commands anymore. That would require Apache reaching out of the jail, which is not possible. With Apache 2, even the "apachectl stop" command does not work. For future releases I will create replacement scripts to work around this problem.'

I am using Apache 2 - I should have said that in my email. Apache is now creating its PID file after the chroot, so the standard apachectl script stops working.

I'm not sure about the soft link. I agree it would allow the standard script to find the PID, but deleting the soft link rather than the real PID file would leave an old PID file in the chroot.

Cheers,

David.

On Sun, 16 May 2004 18:59:29 GMT Mark <ad...@as...> wrote:

> David Fletcher wrote:
>
> > I'm using mod_security-1.8dev2 and the chroot function. As stated in
> > the manual, it is difficult to stop Apache when chrooted because it
> > cannot find its PID file.
>
> Where did you read that? If so, your Apache must behave radically
> different from mine. My Apache (1.32.29) first creates its PID file, and
> only *then* chroots. It can easily be stopped with:
>
> kill -TERM `cat /var/run/httpd.pid`
>
> If people have a pid within the chroot, a simple symlink, in /var/run/,
> will suffice:
>
> ln -s /chroot/apache/var/run/httpd.pid httpd.pid
>
> Cheers,
>
> - Mark
>
> System Administrator Asarian-host.org
>
> ---
> "If you were supposed to understand it,
> we wouldn't call it code." - FedEx
>

--
-------------------------------------------------
Email: David at megapico dot co dot uk
-------------------------------------------------
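Added example, not part of either message and not a mod_security script: a stop helper that reads the PID file where Apache 2 writes it, inside the jail, so no symlink is needed and a stale file is removed in place. The function name, return codes and 10-second default are assumptions; the jail path in the usage comment is the one from the `ln -s` command quoted above.

```shell
#!/bin/sh
# Added example: stop an Apache that wrote its PID file inside the chroot.
# Assumed names: stop_jailed_httpd, its return codes, the 10 s default.
#
# Returns: 0 stopped (PID file removed)
#          1 no PID file, or its content is not a usable PID
#          2 PID file was stale (no such process); file removed
#          3 process still running after the timeout
stop_jailed_httpd() {
    jail="$1"
    rel="${2:-var/run/httpd.pid}"
    timeout="${3:-10}"
    pidfile="$jail/$rel"

    [ -f "$pidfile" ] || return 1

    # The file lives inside the jail, so treat it as untrusted input:
    # accept digits only before handing the value to kill.
    pid=""
    read -r pid < "$pidfile" || :
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    # 0 would signal the caller's own process group and 1 is init.
    [ "$pid" -gt 1 ] 2>/dev/null || return 1

    # kill -0 only tests whether the process exists; no signal is sent.
    if ! kill -0 "$pid" 2>/dev/null; then
        rm -f "$pidfile"
        return 2
    fi

    kill -TERM "$pid" 2>/dev/null || :
    while [ "$timeout" -gt 0 ]; do
        if ! kill -0 "$pid" 2>/dev/null; then
            rm -f "$pidfile"    # remove the real file, not a symlink to it
            return 0
        fi
        sleep 1
        timeout=$((timeout - 1))
    done
    return 3
}

# Usage, with the jail path from the symlink command in the quoted message:
#   stop_jailed_httpd /chroot/apache var/run/httpd.pid 10
```

The helper checks only that the PID exists, not that it belongs to httpd, so it should be run only against a jail whose PID file is written by the Apache parent process.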