[mod-security-users] mod-security, SecChroot & suexec
Brought to you by:
victorhora,
zimmerletw
From: Jinn K. <mod...@ma...> - 2005-10-16 23:04:28
|
Hi all, Trying to get Apache2 running with mod-security-1.8.7 and suexec in a chroot jail on Debian Sarge. From the changelog it appears this should be possible. Other than that I haven't managed to find any notes on how to achieve this on google. Hopefully modsecurity is the place to ask this question? suexec doesn't have any config options other than setting the user/group - and the compile time options don't appear to be causing any problems. I have tested this testenv script from TWiki in 3 scenarios. I am trying to keep my general configs reasonably simple for now until I get it working. 1. Apache2 with suexec. No chroot. Everything works fine. 2. Apache2 with SecChrootDir. No suexec. Works fine, but the script doesn't appear to see the UID it is running as. 3. Apache2 with SecChrootDir plus suexec. The requires generates a 500 error and the only logs apparent are: *** /etc/apache2/logs/suexec.log *** [2005-10-16 19:47:05]: crit: invalid uid: (33) *** vhost_log *** [Sun Oct 16 19:47:05 2005] [error] [client w.x.y.z] Premature end of script headers: testenv The UID 33 is www-data on Debian Sarge - this is the user Apache2 is running as. The script being requested has a UID & GID over 1000. I am unable to run 'strace apache2 -X' - apache2 bombs out before it can receive any requests. Thanks for reading. Jinn |