Re: ALPHA release of apache-1.0.0-1 now available
'Michael Alan Dorman wrote:'
>
>> /usr/lib/apache is my choice for serverroot. Where the documents go
>> is site-specific. I'd like to also include an option to chroot httpd
>> to /usr/local/http or somesuch. Can dpkg install a package under some
>> arbitrary directory? If so then the preinst script might be able to get
>> everything into /usr/local/http and run httpd under chroot (for the
>> security paranoid).
>
>Uh, why would you want to chroot the httpd? Wouldn't that cause mondo
>problems, especially if we try and get it to do stuff like dynaloading
>modules, etc.?
>
For extra security. Like any chroot environment, you need to copy all
the shared libs into $chroot. But if a complete list were determined,
it could be done in the postinst. Net Access is currently running
apache in a chroot environment for extra security. I think it would
be nice to add this feature (My only problem is I'm not sure dpkg can
handle it - Ian?).
--
Christopher J. Fearnley | UNIX SIG Leader at PACS
cjf@netaxs.com (finger me!) | (Philadelphia Area Computer Society)
cfearnl@pacs.pha.pa.us | Design Science Revolutionary
http://www.netaxs.com/~cjf | Explorer in Universe
"Dare to be Naive" -- Bucky Fuller | Linux Advocate
Reply to: