Re: chrooted V non-chrooted

Hi Igor.

chroot, like Fred said, adds another security layer to your environment, protecting the OS from the web server. I mean, if the web server has been compromised, the person will have access just to the web server.

chroot is a good option to secure your webserver, but maybe it's not easy to build.

Another option to add a good security layer, protecting the OS from the web server, is using SELinux.

With SELinux it is possible to protect the OS from the web server in a way similar to chroot.

Bye.


On Tue, Jun 16, 2009 at 4:11 AM, Igor Cicimov <icicimov@xxxxxxxxx> wrote:
Running apache in chroot adds another layer of security. You can chroot the apache server and copy over all the libraries you need and only the programs you need, like /bin/sh let's say, to start/stop the server. In that way any security issue or intruder will end up in "jail" and have limited programs to run. Also whatever damage he/she might cause will be in the chroot environment, which you can easily recover, and not in your real root.

We run all our company production servers in chroot.

Cheers,

Igor


On Mon, Jun 15, 2009 at 6:40 PM, Fred Zinsli <fred.zinsli@xxxxxxxxxxxxx> wrote:
Hello everyone

I can't seem to get my head around this chrooted and non-chrooted apache
server thing at all.

What are the pros & cons, advantages or disadvantages of chrooted over
non-chrooted apache servers?

In a nutshell, is it preferable to run apache chrooted on a production
server or not?

Currently my public server is not chrooted but I am planning a major
upgrade and I thought this would be a good opportunity to change my apache
configuration at the same time if it was warranted.

The server is currently configured for name based virtual hosts.

Any comments would be most appreciated.

Regards

Fred



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





--
Best Regards

Carlos Eduardo Maiolino - CyberS0nic
Fedora Project - Brazilian Ambassador / Bug Tracker
http://www.fedoraproject.org
http://www.projetofedora.org

-------------------------

Contacts

IRC: CyberS0nic AT irc.freenode.net
ICQ: 142852055
msn: cybersonic0@xxxxxxxxx
gtalk: cybersonic0

