[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Apache Chroot

To: "BSDaem0n ." <ntvsunix@hotmail.com>, <tech@openbsd.org>
Subject: Re: Apache Chroot
From: "Randall Augustus Alexander" <openbsd@zonedzero.net>
Date: Sun, 14 Jul 2002 15:56:43 -0700
References: <F4PrPrvCWO6hm8Ua8d90000c1e3@hotmail.com>

Sorry you are correct....you have to set it to false and add the user
account to /etc/ftpchroot.  Been using purftpd for a while now and forgot
about setting it up with OpenBSDs ftpd.
http://www.usa.openbsd.org/faq/faq10.html#FTPOnly

Randy
----- Original Message -----
From: "BSDaem0n ." <ntvsunix@hotmail.com>
To: <tech@openbsd.org>
Sent: Sunday, July 14, 2002 3:46 PM
Subject: Re: Apache Chroot


> >I just setup a new machine from current a couple of days ago and ran into
> >the fact that apache is now chrooted to /var/www.  At first I thought
there
> >was some sort of a problem and even reinstalled the system from scratch.
> >After a few hours I finally RTFM.  Sure enough the man page pointed out
> >that
> >it was chrooted and that I had to change paths in httpd.conf.
> >
> >The paths in the distributed httpd.conf file are all assuming a non
> >chrooted
> >server.  To save someone else some time, someone might want to change the
> >httpd.conf file paths and add a note in there as well as a note in the
> >afterboot man page.
> >
> >In researching the problem I also visited the apache.org website and
> >learned
> >that the user and group directives can also be used inside of virtual
host
> >containers.  This gave me an idea to further enhance an apache
> >installlation
> >on OpenBSD.
> >
> >Setup the server to run as www:www as usuall and then for each virtual
host
> >setup a system account with their shell set to nologin to give them
> >chrooted
> >ftp access to thier web content directory.   The virtual host container
for
> >that vhost would then have the user directive reflecting their system
> >account and the www group,  The directory would only be writeable by that
> >user and readable by the www group.  When running mod_perl or mod_php
they
> >would also inherit those permissions and should work well.  I will be
> >testing that theory here shortly.
>
> Doesn't nologin stop people from FTP'ing in as well?
>
>
> _________________________________________________________________
> MSN Photos is the easiest way to share and print your photos:
> http://photos.msn.com/support/worldwide.aspx

Follow-Ups:
- Re: Apache Chroot
  - From: Henning Brauer <lists-openbsdtech@bsws.de>

References:
- Re: Apache Chroot
  - From: "BSDaem0n ." <ntvsunix@hotmail.com>

Prev by Date: Re: Apache Chroot
Next by Date: Re: Apache Chroot
Prev by thread: Re: Apache Chroot
Next by thread: Re: Apache Chroot
Index(es):
- Date
- Thread