John Baker wrote:
I was torn between BSD and Debian Linux, and decided on BSD due to their almost frightening dedication to security. I have already spent a lot of time mucking through details and endlessly firing questions at the BSD community, and, thankfully, I've found them to be quite forthcoming with simple, straightforward answers to straightforward questions.
On Mon, 27 Jan 2003, Ben Siders wrote:
Date: Mon, 27 Jan 2003 08:48:58 -0600
From: Ben Siders <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Perl in OpenBSD Apache
I installed OpenBSD's Apache but the default configuration is that httpd
runs chroot'd to /var/www for security. This is fine, except that for
the life of me, I cannot get my Perl CGI scripts to run. I've tried
linking /usr/bin/perl into /var/www but that doesn't work because of the
chroot, I tried making a copy of the Perl interpretter and changing my
scripts to reference them, and that didn't work. How the heck are we
supposed to run any CGI then?
<soapbox> Expect to spend A LOT of time hacking BSD if you're new to it, but trust me, the benefits far outweight the hassles. There's a reason why customers don't run xBSD: it's hard and one has to have a propensity to want to hack a world-class OS. No doubt you're willing else you'd never have ventured down this path. =) </soapbox>
Yep, I took care of all of this stuff. When I run httpd with the -u flag, to run un-chroot'd, it works fine. But when I remove that flag to run "properly", I'm seeking a workaround for the chroot so that my scripts can see the interpretter. Links don't work. I tried putting a copy of the Perl interp. into /var/www/bin, since it runs chroot'd to /var/www, and then putting #!/var/www/bin/perl in my scripts, but it still doesn't find the interpretter (premature end of script headers).
The BSD purists are telling me it's a
security thing, and that's fine, I want a secure machine.
Yes, that and the server needs to be configured. Did you do that? Did you configure the pertinent vars within your httpd.conf (or OpenBSD's variant, i run FreeBSD)? Such variables as Port 80 ServerName xxx.net DocumentRoot "/path/to/htdocs" ErrorLog /path/to/apache/logs/error_log and this is crucial: ScriptAlias /cgi-bin/ "/path/to/apache/cgi-bin/"
But what good
is a secure machine that can't do anything? I really am trying to be a
good admin and not run httpd with -u to remove the chroot, but if
there's no way to run a Perl interpretter with the chroot on, it'll have
to go. It does me no good to run a really secure web server that can't
serve anything but html files.
If all else fails, the handbook should be on apache's site: http://www.apache.org/ jab
Duh, didn't think to check the obvious place. I'll take a peek.
-- Benjamin J. Siders Software Engineer -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
