"Fossies" - the Fresh Open Source Software Archive

Member "cgiwrap-4.1/htdocs/chroot.html" (16 Jun 2008, 1241 Bytes) of package /linux/www/old/cgiwrap-4.1.tar.gz:



    <TITLE>CGIWrap - Chroot Implementation</TITLE>
    <CENTER><H2>CGIWrap - Chroot Implementation</H2></CENTER>
    <HR><P>

    Note - This facility is for expert administrators only; CGI scripts
    will not work AT ALL if you don't do this right.
    <P><HR><P>

    The chroot facility in cgiwrap is built on a loopback filesystem approach.
    What this means is that cgiwrap expects the same filesystem structure
    inside the chrooted area as exists outside it. The prefix specified with
    --with-chroot=PATH should point to the top of your chrooted area.
    <P>
    Within the chrooted area, you should place any executables/libraries/tools
    that you want available to CGI scripts. For the user data within the filesystem,
    I suggest you use a loopback NFS mount. I suggest using the nosuid and nodev
    options on the mount for additional protection.
    <P>
    For optimum protection, you might also consider using a loopback NFS mount
    for the top level of the chroot area as well, mounted with the 'ro' mount
    option. This will prevent ANY changes to that filesystem.
    <P>
    Note, this is not as secure as some chroot facilities, but it is more secure
    than the basic cgiwrap setup. For additional security, it is recommended that
    user home directories have NO world/other permissions set.
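
One way to verify the mount options recommended above, as an added example that is not part of cgiwrap or the original page: a shell function that reads a mount table in Linux /proc/mounts format and flags mounts below the chroot prefix that lack nosuid or nodev. The /chroot prefix, the function names and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount table for the options recommended for a
# cgiwrap chroot area. Input: lines in /proc/mounts format
# (device mountpoint fstype options dump pass).

# has_opt OPTIONS NAME: succeed if NAME is in the comma-separated OPTIONS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_chroot_mounts PREFIX: read a mount table on stdin.
# Returns 1 if any mount below PREFIX lacks nosuid or nodev, else 0.
# A missing read-only top-level mount is only noted (the page calls it optional).
audit_chroot_mounts() {
    prefix=${1%/}
    rc=0
    top_ro=0
    while read -r _dev mnt _fstype opts _rest; do
        case "$mnt" in
            "$prefix")
                if has_opt "$opts" ro; then top_ro=1; fi ;;
            "$prefix"/*)
                for o in nosuid nodev; do
                    has_opt "$opts" "$o" || { echo "FAIL $mnt: missing $o"; rc=1; }
                done ;;
        esac
    done
    [ "$top_ro" -eq 1 ] || echo "NOTE $prefix: no read-only mount at the top level"
    return "$rc"
}

# Constructed sample table; /chroot is a hypothetical --with-chroot prefix.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
localhost:/export/cgiroot /chroot nfs ro,nosuid,nodev 0 0
localhost:/home /chroot/home nfs rw,nosuid,nodev 0 0
localhost:/data /chroot/data nfs rw,nosuid 0 0
EOF
}

sample_mounts | audit_chroot_mounts /chroot || echo "chroot mounts need attention"
```

On a live Linux host the same function can read the real table: `audit_chroot_mounts /your/prefix < /proc/mounts`.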