----- Original Message ----- > Hi, > Some times ago I played with exaclty your configuration. > > If you strace the httpd process you can see that it's searching some > files under /usr/share related to date and time. > Here an extract of my chroot with files Icopied under my chroot > > /chroot/usr/share/zoneinfo/Europe/Rome > /chroot/usr/share/zoneinfo/zone.tab > > Hope this helps. > Marco > > On Fri, May 13, 2011 at 9:35 AM, --[ UxBoD ]-- <uxbod@xxxxxxxxxxxx> > wrote: > > ----- Original Message ----- > >> Hello, > >> > >> On 20.04.11 00:47, --[ UxBoD ]-- wrote: > >> > I have noticed that when running Joomla, or in-fact any browsing > >> > capable > >> > PHP code, I am able to navigate above my virtual host document > >> > root > >> > and > >> > look at other virtual host files. > >> > > >> > How would one stop this ? I have taken a look at mod_chroot but > >> > that does > >> > not seem to work as ChrootDir can only be used in the main > >> > configuration > >> > and not in the VirtualHost directive. > >> > >> just a 1.5 months ago this question was asked and (imho) answered. > >> Usually the PHP scripts are run under the same user apache runs > >> as, > >> so they > >> have the same permissions. > >> > >> You can limit files which can a PHP script access by using PHP > >> directives > >> open_basedir and doc_root. > >> > >> You can run peruses MPM wich apathe 2.2. > >> > >> You can also run PHP as CGI using suexec, but that's a bit > >> ineffective. > >> I don't know how does FastCGI work. > >> > > > > I managed to get Joomla working, kind of, in an Apache 2.2 chroot > > but then I hit a problem with JDate not working so I raised > > http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=25870 > > > > I have now switched to trying to get SuExec and FCGI working but > > hitting an issue with: > > > > [Fri May 13 08:29:29 2011] [warn] [client XXXXXXXXXXXX] > > (104)Connection reset by peer: mod_fcgid: error reading data from > > FastCGI server > > [Fri May 13 08:29:29 2011] [error] [client XXXXXXXXXXX] Premature > > end of script headers: test.php > > > > Though will post this as a separate thread. Hi Marco, I shall certainly give that a try :) I am debating which is going to be the easier to support long term; chroot or SuExec&FCGI and which will offer the greater degree of security. -- Thanks, Phil --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|