Vivek Ayer wrote:
> Hi guys,
> 
> Because I believe OpenBSD's apache is chrooted, it's causing problems
> with texvc parsing stuff.

then run it with a -u...

There are things that should be chrooted, and there are things that are
more trouble than they are worth to chroot.  I think your project falls
in the latter category.

Don't think about getting something working, think about KEEPING it
working over the life span of the project...updates to the OS and apps
every six months...more often if critical bugs are found.

http://www.openbsd.org/faq/faq10.html#httpdchroot
"...the starting configuration of the OpenBSD chroot(2)ed Apache is
where the user the httpd(8) program is running as can not run any
programs, can not alter any files, and can not assume another user's
identity. Loosen these restrictions, you have lessened your security,
chroot or no chroot."

Your wiki server CAN run programs (probably lots of them), CAN alter
files.  And, once you get all the pieces working...you will have to do
it again every six months, but you probably won't, because it is too
much work, so you will have a LESS secure system than an easy-to-
maintain, "untrusted" wiki server.

remember: the chroot is not the goal, a secure and maintainable web
server is the goal.  chroot is just one tool to achieve that, and it
is not universally applicable.

Nick.
