Re: [mod-security-users] Chroot and pid file
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Chroot and pid file
|
From: Ivan R. <iv...@we...> - 2004-05-16 20:37:37
|
> 'If you choose to put the Apache binary and the supporting files outside > of jail, you won't be able to use the "apachectl graceful" and "apachectl > restart" commands anymore. Restart may work (although I presume I've checked before writing it to the manual ;), but graceful can't. That's because with graceful the root Apache process reconfigures, kills idle children, and creates new children (with new configuration active). So if the httpd.conf file resides outside the jail the root process won't be able to read it and that's that. With Apache 2, all of the start/stop/restart/etc functionality was moved into the binary. As David said, I belive the pidfile is now created after the chroot. Again, this discussion only applies if the web server binary and the supporting files are left outside jail. Because of all this I've mostly decided to practice the classic chroot approach where the jail contains all Apache-related files. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |
