On 2023/03/08 10:10, Glen Gunsalus wrote: > > On 3/7/23 15:33, Stuart Henderson wrote: > > On 2023-03-07, Glen Gunsalus <g-gunsa...@mindspring.com> wrote: > > > To get this running cp'd perl (/usr/bin/perl) and relevant perl libs > > > (/usr/lib/[libs.so|libm.so|libperl.so] /usr/libexec/ld.so) to > > > /var/www/usr/[bin|lib|libexec] > > > > You shouldn't need that bit (and it is safer not to) - smokeping_fcgi > > does not chroot. > > > > > Hmm, I did this on the basis of a post by you (5/11/20) in response to Tom > (5/10/20) which I interpreted as needing several files moved into www "jail."
No that was me saying "this software is not really meant to work with chroot and if you're copying enough into the chroot that it works, you're providing a lot of extra tools to someone who is able to execute code within the jail" > ----------------quote-------------------------- > bgplg is designed to run in a jail, it is a small C program and even > then it needs specially compiled versions of the external dependencies > (ping, bgpctl etc). > > Smokeping isn't - if you want to run the graph generating part of > smokeping (i.e. the cgi/fcgi script) inside a chroot jail, a whole lot > more is needed - a copy of perl and various modules, rrdtool, > rrdtool's library dependencies, fonts, and I think there were config > files for some of the libraries. I did this in the past but it's a > real mess and easy to break at update time, and the amount of things > copied in means that the chroot ends up more as "luxury camping" than > "jail" 😉 > ----------------end quote------------------- > > I had been running smokeping and mrtg with apache for a number of years, but > when OpenBSD abandoned apache I looked at nginx for transition then httpd > came along and looked both more attractive and likely to be more long lived > under OpenBSD. > > It was Tom's post that got me started down the httpd path. I have been > running with httpd since that time. > I can't remember the details, but think I initially tried w/o the cp'd files, > but was not successful so began incrementally moving goodies into /var/www > until it worked. > I will try rm'ing or mv'ing those in /var/www and see how it goes. > > Thanks for your help. > > Regards, Glen
