Hey all. I've got a problem chrooting apache2 in sarge.
Here is the problem: I followed the linux.com tutorial on chrooting apache (http://www.linux.com/article.pl?sid=04/05/24/1450203) but at the end when I get to start apache it doesn't work:

    #/etc/init.d/apache2 start
    Starting apache: chroot: cannot run command `/usr/sbin/apache2ctl': No such file or directory

I know that I have both the normal root /usr/sbin/apache2ctl and the chroot directory one /chroot/httpd/usr/sbin/apache2ctl.

So, I hope someone can help me out.

Thanks,
-Gezim

P.S.: During this attempt I tried to create some documentation for the future, so this might help as to where I might have gone wrong:

CHROOTING APACHE (debian 3.1)
----------------

1.) If "apache" group or something similar (e.g. www-data) to run apache doesn't exist, add one with "groupadd apache".

2.) If "apache" user or something similar (e.g. www-data) to run apache doesn't exist, add one with:

    useradd -c "Apache Server" -d /dev/null -g apache -s \
        /bin/false apache

3.) Now create the directory structure:

    mkdir /chroot
    mkdir /chroot/httpd/
    mkdir /chroot/httpd/dev/
    mkdir /chroot/httpd/lib/
    mkdir /chroot/httpd/etc
    mkdir -p /chroot/httpd/usr/sbin/
    mkdir /chroot/httpd/usr/lib
    mkdir /chroot/httpd/usr/libexec
    mkdir -p /chroot/httpd/var/run
    mkdir -p /chroot/httpd/var/log/apache
    mkdir -p /chroot/httpd/home/httpd

Now fix the permissions:

    chown -R root /chroot/httpd/
    chmod -R 0755 /chroot/httpd
    chmod 750 /chroot/httpd/var/log/apache

Now create special devices such as /dev/null:

    mknod /chroot/httpd/dev/null c 1 3
    chown root.sys /chroot/httpd/dev/null
    chmod 666 /chroot/httpd/dev/null

4.) Copy the configuration files:

    cp -r /etc/apache2/ /chroot/httpd/etc

5.) Copy Apache DocumentRoot and CGI scripts:

    cp -r /var/www/ /chroot/httpd/var/

6.) Copy httpd binary (and, if you use them, the Apache scripts) from /usr/sbin:

    cp /usr/sbin/apache2* /chroot/httpd/usr/sbin/

7.) If you need to use mod_ssl copy the /etc/ssl directory and its contents.

8.) Run "ldd /chroot/httpd/usr/sbin/apache2" to find out what libraries apache needs and copy them too.

8.5) Certain libraries are needed for some standard networking functionality:

    cp /lib/libnss_compat* /chroot/httpd/lib/
    cp /lib/libnss_dns* /chroot/httpd/lib/
    cp /lib/libnss_files* /chroot/httpd/lib/
    cp /lib/libnsl* /chroot/httpd/lib/

9.) Copy passwd and group files:

    cp /etc/passwd /chroot/httpd/etc/
    cp /etc/group /chroot/httpd/etc/

10.) Remove all users from /chroot/httpd/etc/passwd except www-data.

11.) Remove all groups from /chroot/httpd/etc/group except www-data.

12.) Copy needed network configuration files:

    cp /etc/hosts/ /chroot/httpd/etc/
    cp /etc/host.conf /chroot/httpd/etc/
    cp /etc/resolv.conf /chroot/httpd/etc/
    cp /etc/nsswitch.conf /chroot/httpd/etc/

13.) For extra security set the immutable bit on for the above files:

    chattr +i /chroot/httpd/etc/hosts
    chattr +i /chroot/httpd/etc/host.conf
    chattr +i /chroot/httpd/etc/resolv.conf
    chattr +i /chroot/httpd/etc/nsswitch.conf
    chattr +i /chroot/httpd/etc/passwd
    chattr +i /chroot/httpd/etc/group

14.) Copy the appropriate localtime to /chroot/httpd/etc/localtime:

    cp /usr/share/zoneinfo/Canada/Mountain /chroot/httpd/etc/localtime

15.) In /etc/init.d/syslogd change

    SYSLOGD=""

to

    SYSLOGD="-m 0 -a /chroot/httpd/dev/log"

16.) Create necessary log files and set the appendable bit on them:

    touch /chroot/httpd/var/log/apache/access_log
    touch /chroot/httpd/var/log/apache/error_log
    chmod 600 /chroot/httpd/var/log/apache/*
    chattr +a /chroot/httpd/var/log/apache/*

17.) In /etc/init.d/apache2 change:

    APACHE2="$ENV /usr/sbin/apache2"
    APACHE2CTL="$ENV /usr/sbin/apache2ctl"

to

    APACHE2="$ENV /usr/sbin/chroot /chroot/httpd/ /usr/sbin/apache2"
    APACHE2CTL="$ENV /usr/sbin/chroot /chroot/httpd/ /usr/sbin/apache2ctl"

18.) Test it by shutting down the apache2ctl (if not done so already). Restart the syslogd by:

    /etc/init.d/syslogd restart

then start the chrooted version of apache:

....not working!
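chroot reports "No such file or directory" whenever execve() returns ENOENT, which also happens when the program file exists but the `#!` interpreter or ELF loader it names is absent inside the new root. The check below is an added example, not part of the original post or the linux.com tutorial; the function names `chroot_interp` and `chroot_missing` are hypothetical, and it assumes `ldd` and `readelf` are available on the host.

```shell
#!/bin/sh
# Added diagnostic, not from the original post: list what execve() would fail
# to find for a program inside a chroot tree, without entering the chroot.

# chroot_interp ROOT PROG: print the interpreter PROG needs
# (the "#!" line of a script, or the dynamic loader of an ELF binary).
chroot_interp() {
    root=${1%/}
    file="$root$2"
    [ -f "$file" ] || return 1
    if [ "$(head -c 2 "$file")" = '#!' ]; then
        head -n 1 "$file" | sed -e 's/^#![[:space:]]*//' -e 's/[[:space:]].*$//'
    else
        readelf -l "$file" 2>/dev/null |
            sed -n 's/.*program interpreter: \(.*\)\]/\1/p'
    fi
}

# chroot_missing ROOT PROG: print one line per file that is absent under ROOT;
# return 1 if anything is missing, 0 otherwise.
chroot_missing() {
    root=${1%/}
    prog=$2
    rc=0
    if [ ! -e "$root$prog" ]; then
        echo "missing program: $prog"
        return 1
    fi
    interp=$(chroot_interp "$root" "$prog")
    if [ -n "$interp" ] && [ ! -e "$root$interp" ]; then
        echo "missing interpreter: $interp"
        rc=1
    fi
    # Shared libraries as resolved by ldd on the host (prints nothing for scripts).
    for lib in $(ldd "$root$prog" 2>/dev/null | grep -o '/[^ ]*'); do
        [ -e "$root$lib" ] || { echo "missing library: $lib"; rc=1; }
    done
    return $rc
}

# Usage with the paths from the post:
#   chroot_missing /chroot/httpd /usr/sbin/apache2ctl
#   chroot_missing /chroot/httpd /usr/sbin/apache2
```

Every path it prints has to exist under the chroot directory before the init script's `chroot` call can start the program.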