On May 7, 2008, at 11:00 AM, Nick Gearls wrote:
I propose to add the following:
In the usage:
All config files, logs, etc. are used by the main process and should
thus not be stored in the chroot. Only files used by children
listeners must be present in the chroot.
<note><title>Content of the chroot</title>
<p>The following files must be present in the chroot:</p>
<ul><li>/lib/libgcc_s.so.1 (Linux)</li>
<li>if bind (DNS) is used: /etc/resolv.conf & /lib/libnss_dns.so.2 (Linux)</li>
<li>if a hosts file is used: /etc/hosts</li>
<li>if both a hosts file and bind (DNS) are used: /etc/hosts.conf</li>
<li>HTML files (htdocs/ files)</li>
<li>Temporary files used by modules (ex: ModSecurity temp
files)</li>
<li>When using additional modules, other files may be
needed</li>
</ul>
<p><b>Remark:</b> shared objects can also be loaded explicitly
in httpd.conf, instead of copying them into the chroot.
When using Apache as a reverse proxy, the chroot could thus
potentially be totally empty.</p>
</note>
I was sort of hoping for a separate how-to page; with the exact
'chmod/own' settings, groups you need to create, information about
the log file locations/ownership, the ownership of the cache
directories and so on.
Dw,.
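
The checklist in the proposed note, written as a check that can be run against a candidate chroot directory; this is an added example, not part of the thread or of Apache httpd. The function name `check_chroot`, its `dns`/`hosts` arguments and the `MISSING`/`UNEXPECTED` output lines are assumptions; it covers the libgcc, DNS and hosts entries of the list (Linux paths as given there) and flags an `httpd.conf` found inside the chroot.

```shell
#!/bin/sh
# check_chroot DIR [dns] [hosts]
# Hypothetical helper: verifies that DIR holds the files the child
# processes need, per the list in the proposal above (Linux paths).
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 on usage error.
check_chroot() {
    root=${1%/}; shift
    status=0
    [ -d "$root" ] || { echo "ERROR: $root is not a directory"; return 2; }

    # Always needed by the children on Linux.
    required="/lib/libgcc_s.so.1"
    for feature in "$@"; do
        case $feature in
            dns)   required="$required /etc/resolv.conf /lib/libnss_dns.so.2" ;;
            hosts) required="$required /etc/hosts" ;;
            *)     echo "ERROR: unknown feature '$feature'"; return 2 ;;
        esac
    done

    for path in $required; do
        if [ ! -f "$root$path" ]; then
            echo "MISSING: $path"
            status=1
        fi
    done

    # Config files are used by the main process and should not be stored
    # in the chroot, so a copy found there is reported.
    found=$(find "$root" -type f -name httpd.conf 2>/dev/null)
    if [ -n "$found" ]; then
        echo "UNEXPECTED: $found"
        status=1
    fi
    return $status
}
```

Call it as `check_chroot /path/to/chroot dns hosts`, naming only the resolver features the server actually uses.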