On Mon, 27 Jan 2003 10:04:06 -0500 (EST)
John Baker <[EMAIL PROTECTED]> wrote:

> On Mon, 27 Jan 2003, Ben Siders wrote:
> 
> > Date: Mon, 27 Jan 2003 08:48:58 -0600
> > From: Ben Siders <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Perl in OpenBSD Apache
> >
> > I installed OpenBSD's Apache but the default configuration is that httpd
> > runs chroot'd to /var/www for security.  This is fine, except that for
> > the life of me, I cannot get my Perl CGI scripts to run.  I've tried
> > linking /usr/bin/perl into /var/www but that doesn't work because of the
> > chroot, I tried making a copy of the Perl interpreter and changing my
> > scripts to reference them, and that didn't work.  How the heck are we
> > supposed to run any CGI then?
> >
> <soapbox>
> Expect to spend A LOT of time hacking BSD if you're new to it, but
> trust me, the benefits far outweigh the hassles. There's a reason
> why customers don't run xBSD: it's hard and one has to have a propensity
> to want to hack a world-class OS. No doubt you're willing else you'd
> never have ventured down this path. =)
> </soapbox>


OpenBSD is by far the simplest BSD out there, and generally easier to configure than
Linux.

> >The BSD purists are telling me it's a
> > security thing, and that's fine, I want a secure machine.
> >
> Yes, that and the server needs to be configured. Did you do that?
> Did you configure the pertinent vars within your httpd.conf (or
> OpenBSD's variant, I run FreeBSD)? Such variables as
> 
> Port 80
> ServerName xxx.net
> DocumentRoot "/path/to/htdocs"
> ErrorLog /path/to/apache/logs/error_log
> 
> and this is crucial:
>     ScriptAlias /cgi-bin/ "/path/to/apache/cgi-bin/"
> 
> 
> > But what good
> > is a secure machine that can't do anything?  I really am trying to be a
> > good admin and not run httpd with -u to remove the chroot, but if
> > there's no way to run a Perl interpreter with the chroot on, it'll have
> > to go.  It does me no good to run a really secure web server that can't
> > serve anything but html files.
> >

I just did this 2 weeks ago when I upgraded to 3.2.
The thing is, even when you get perl inside /var/www however you do it, perl still
links to system libraries; use ldd to see these libraries:

   # ldd /usr/bin/perl

There are 2 ways to get this to work: 1) you can compile perl to be completely static
inside /var/www (no linking at all), or 2) you can mirror your system perl inside
/var/www.
I tried to statically compile perl but I never could get one of the libraries to be
static. So I chose the second way.

I'll try to explain this as simply as I can.

First make the directories you need in /var/www:

   # mkdir -p /var/www/usr/bin/
   # mkdir -p /var/www/usr/lib /var/www/usr/libexec

Next, copy everything in there just like it is on your system:

   # cp -R /usr/lib/perl /var/www/usr/lib/perl
   # cp /usr/bin/perl /var/www/usr/bin/perl

Here, to know what libraries to move into /var/www/usr/lib, you need to use ldd as I
explained above:

   # ldd /usr/bin/perl

Output should look similar to this:

/usr/bin/perl:
        -lm.0 => /usr/lib/libm.so.0.1 (0x400e6000)
        -lc.28 => /usr/lib/libc.so.28.5 (0x400fa000)
        -lutil.7 => /usr/lib/libutil.so.7.1 (0x401b3000)

So you need to copy /usr/lib/libm.so.0.1 etc., etc., into /var/www/usr/lib

Lastly, you need to copy /usr/libexec/ld.so into /var/usr/libexec/ld.so

That should be it; your cgi-scripts can still use #!/usr/bin/perl and they will look
in /var/www/usr/bin/perl

The only problem is you may need to copy any new perl mods you build into your www
perl directory every time. And also I've noticed the Perl in www doesn't understand
certain cl switches, but my cgi-scripts are all running fine so I don't mind that.

The only other downside to this is, if you have any cgi-scripts that use external
programs, they won't work. For example, I was recently thinking of checking out cgiburn,
a perl cgi program to make burning CDs easy. I can't use it because it uses other
programs like cdrecord. Oh well.

I would first suggest building perl statically. Maybe you will have better luck than I
did; that way you can just use cpan with your www perl separate from system perl.


Good luck.
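
The copy-by-ldd procedure described in the message above, as an added shell example that is not part of the original post: it parses ldd output in the "=>" format quoted there, stages the listed files into the chroot, and reports chroot copies that are missing or no longer match the system copy. The function names and the SRCROOT argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stage a dynamically linked binary's libraries into a chroot.
# SAMPLE_LDD is the ldd output quoted in the message above.
SAMPLE_LDD='/usr/bin/perl:
        -lm.0 => /usr/lib/libm.so.0.1 (0x400e6000)
        -lc.28 => /usr/lib/libc.so.28.5 (0x400fa000)
        -lutil.7 => /usr/lib/libutil.so.7.1 (0x401b3000)'

# Print the absolute library paths found in ldd output read from stdin.
# Only "name => /abs/path" lines are used; the header line is skipped.
ldd_libs() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "=>" && $(i+1) ~ /^\//) print $(i+1) }' | sort -u
}

# stage_libs SRCROOT JAIL: copy each path on stdin from SRCROOT into JAIL,
# keeping the same directory layout and mode bits. Fails on a missing source.
stage_libs() {
    src=$1 jail=$2
    while IFS= read -r lib; do
        [ -f "$src$lib" ] || { echo "missing: $src$lib" >&2; return 1; }
        mkdir -p "$jail$(dirname "$lib")" || return 1
        cp -p "$src$lib" "$jail$lib" || return 1
    done
}

# audit_jail SRCROOT JAIL: print each path on stdin whose copy in JAIL is
# absent or differs from the system copy (e.g. after the system was patched).
audit_jail() {
    src=$1 jail=$2
    while IFS= read -r lib; do
        cmp -s "$src$lib" "$jail$lib" 2>/dev/null || echo "$lib"
    done
}

# Show what would be staged for the sample output.
printf '%s\n' "$SAMPLE_LDD" | ldd_libs

# Real use on the host (SRCROOT is empty, so paths are taken as-is):
#   { ldd /usr/bin/perl | ldd_libs; echo /usr/bin/perl; echo /usr/libexec/ld.so; } \
#       | stage_libs "" /var/www
```

Running audit_jail with the same path list after a system upgrade shows which files in /var/www need to be copied again.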
