"Fossies" - the Fresh Open Source Software Archive
Starting from version 0.3 mod_chroot supports both Apache 1.3 and 2.0.
While most problems with Apache 1.3 are solved in 2.0 (no more module
ordering hassle, no need to apply EAPI patches), architecture changes that
appeared in 2.0 created one new problem: multi-processing modules (MPMs).
MPMs are core Apache modules responsible for handling requests and
dispatching them to child processes/threads.

Unfortunately, MPMs are initialized after all "normal" Apache modules.
This basically means that with mod_chroot, MPM initialization is done
after the chroot(2) call; when control is handed to the MPM, Apache is
already inside a jail. And MPMs need to create some files during startup
(at least one, a pidfile) - these have to be placed inside the jail. I
suggest creating a special directory for these files inside your jail:

    # mkdir -p /var/www/var/run
    # chown -R root:root /var/www/var/run

Then, put the following in httpd.conf:

    PidFile /var/run/httpd.pid
    ChrootDir /var/www
    DocumentRoot /
    # ... other MPM directives (LockFile? ScoreBoardFile?)

Remember that you'll also need to link /var/run/httpd.pid to
/var/www/var/run/httpd.pid to keep apachectl happy:

    ln -s /var/www/var/run/httpd.pid /var/run/httpd.pid

Note that this only applies to MPMs. All "normal" Apache modules will be
initialized before the chroot(2) call is made; all files required by these
modules can safely be stored outside of the jail.

Below is a short list of MPM directives affected by mod_chroot. The
"Description" and "MPMs" lines in this list are taken directly from the
Apache 2.0 documentation. Note that in most cases I tested, only one special
file inside the jail is required: a pidfile. Your mileage may vary.

Directive    PidFile
Description  File where the server records the process ID of the daemon
MPMs         beos, leader, mpm_winnt, mpmt_os2, perchild, prefork,
             threadpool, worker
Notes        This one is probably unavoidable. Apache's pidfile needs to be
             stored inside the jail. Use:

             PidFile /var/run/httpd.pid

Directive    AcceptMutex
Description  Method that Apache uses to serialize multiple children
             accepting requests on network sockets
MPMs         leader, perchild, prefork, threadpool, worker
Notes        If this directive is not set (or set to Default), the
             compile-time selected default is used. Under all systems I
             tested this default uses shared memory (posixsem, sysvsem or
             pthread). Two other methods (flock and fcntl) require access
             to a file (set with LockFile). If your Apache complains about
             LockFile being inaccessible, try setting AcceptMutex to
             sysvsem, posixsem or pthread. If your Apache doesn't support
             them, try flock or fcntl and see LockFile.

Directive    LockFile
Description  Location of the accept serialization lock file
MPMs         leader, perchild, prefork, threadpool, worker
Notes        If your system doesn't allow you to set AcceptMutex to
             anything other than flock or fcntl, you'll need to store
             the lockfile inside the jail. Use:

             LockFile /var/run/httpd.lock

Directive    CoreDumpDirectory
Description  Directory where Apache attempts to switch before dumping core
MPMs         beos, leader, mpm_winnt, perchild, prefork, threadpool, worker
Notes        You don't need this one unless you're debugging Apache.
             The default value for this directive is the directory set with
             ServerRoot, which is usually owned by root; Apache is unable
             to create the coredump there anyway and discards it. If you
             really want to analyze the dumps, use:

             CoreDumpDirectory /var/run

Directive    ScoreBoardFile
Description  Location of the file used to store coordination data for the
             child processes
MPMs         beos, leader, mpm_winnt, perchild, prefork, threadpool, worker
Notes        If this directive is not specified, Apache will try to use
             shared memory. If your architecture doesn't support that, a
             file will be used. If this is the case for you, use:

             ScoreBoardFile /var/run/httpd.scoreboard
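
One way to check the layout described above before starting Apache, as an added example (not mod_chroot's own code): the script reads ChrootDir and the four file-related MPM directives from a config file and reports any whose directory is missing inside the jail. The function names and the sample config, including its /var/lock path, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of mod_chroot: verify that the MPM runtime paths in
# an httpd.conf point at directories that exist inside the ChrootDir jail.

# Print the first argument of directive $2 in config file $1 (empty if unset).
# Directive names are case-insensitive; surrounding double quotes are dropped.
conf_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Returns 0 if every configured path is usable inside the jail, 1 if a
# directory is missing, 2 if the config sets no ChrootDir.
check_jail_paths() {
    conf=$1
    jail=$(conf_value "$conf" ChrootDir)
    [ -n "$jail" ] || { echo "no ChrootDir in $conf"; return 2; }
    rc=0
    for d in PidFile LockFile ScoreBoardFile CoreDumpDirectory; do
        p=$(conf_value "$conf" "$d")
        case $p in
            "") continue ;;                       # directive not set
            /*) ;;                                # absolute: resolved inside the jail
            *)  echo "SKIP    $d $p (relative path, not checked)"; continue ;;
        esac
        # Files need their parent directory; CoreDumpDirectory is itself one.
        if [ "$d" = CoreDumpDirectory ]; then dir=$p; else dir=$(dirname "$p"); fi
        if [ -d "$jail$dir" ]; then
            echo "OK      $d $p -> $jail$p"
        else
            echo "MISSING $d $p (create $jail$dir)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the jail has var/run but no var/lock, so LockFile fails.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/jail/var/run"
    printf '%s\n' "ChrootDir $t/jail" 'PidFile /var/run/httpd.pid' \
        'LockFile /var/lock/httpd.lock' > "$t/httpd.conf"
    s=0; check_jail_paths "$t/httpd.conf" || s=$?
    rm -rf "$t"; return $s
}

demo || echo "demo: at least one MPM path is missing from the jail"
```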