"Fossies" - the Fresh Open Source Software Archive

Member "mod_chroot-0.5/README.Apache20" (12 Jun 2005, 5216 Bytes) of package /linux/www/apache_httpd_modules/old/mod_chroot-0.5.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1                                    mod_chroot
    2 
    3    Starting from version 0.3 mod_chroot supports both Apache 1.3 and 2.0.
    4    While most problems with Apache 1.3 are solved in 2.0 (no more module
    5    ordering hassle, no need to apply EAPI patches), architecture changes that
    6    appeared in 2.0 created one new problem: multi-processing modules (MPMs).
    7    MPMs are core Apache modules responsible for handling requests and
    8    dispatching them to child processes/threads.
    9 
   10    Unfortunately, MPMs are initialized after all "normal" Apache modules.
   11    This basically means that with mod_chroot, MPM initialization is done
   12    after a chroot(2) call; when control is handed to MPM, Apache is already
   13    inside a jail. And MPMs need to create some files during startup (at least
   14    one, a pidfile) - these have to be placed inside the jail. I suggest
   15    creating a special directory for these files inside your jail,
   16    /var/www/var/run:
   17 
   18  # mkdir -p /var/www/var/run
   19  # chown -R root.root /var/www/var/run
   20 
   21    Then, put the following in httpd.conf:
   22 
   23  PidFile /var/run/httpd.pid
   24  ChrootDir /var/www
   25  DocumentRoot /
   26  ... other MPM directives (LockFile? ScoreBoardFile?)
   27 
   28    Remember that you'll also need to link /var/run/httpd.pid to
   29    /var/www/var/run/httpd.pid to keep apachectl happy:
   30 
   31  ln -s /var/www/var/run/httpd.pid /var/run/httpd.pid
   32 
   33    Note that this only applies to MPMs. All "normal" Apache modules will be
   34    initialized before chroot(2) call is done; all files required by these
   35    modules can safely be stored outside of the jail.
   36 
   37    Below I put a short list of MPM directives affected by mod_chroot.
   38    "Description" and "MPM" lines in this list are taken directly from Apache
   39    2.0 documentation. Note that in most cases I tested only one special file
   40    inside a jail is required: a pidfile. Your mileage may vary.
   41 
   42 PidFile
   43 
   44    Description File where the server records the process ID of the daemon     
   45       MPMs     beos, leader, mpm_winnt, mpmt_os2, perchild, prefork,          
   46                threadpool, worker                                             
   47                This one is probably unavoidable. Apache's pidfile needs to be 
   48       Notes    stored inside the jail. Use:                                   
   49                                                                               
   50                PidFile /var/run/httpd.pid                                     
   51 
   52 AcceptMutex
   53 
   54    Description Method that Apache uses to serialize multiple children         
   55                accepting requests on network sockets                          
   56       MPMs     leader, perchild, prefork, threadpool, worker                  
   57                If this directive is not set (or set to Default), the          
   58                compile-time selected default is used. Under all systems I     
   59                tested this default uses shared memory (posixsem, sysvsem or   
   60       Notes    pthread). Two other methods (flock and fcntl) require access   
   61                to a file (set with LockFile). If your Apache complains about  
   62                LockFile being unaccessible, try setting AcceptMutex to        
   63                sysvsem, posixsem or pthread. If your Apache doesn't support   
   64                them, try flock or fcntl and see LockFile.                     
   65 
   66 LockFile
   67 
   68    Description Location of the accept serialization lock file                 
   69       MPMs     leader, perchild, prefork, threadpool, worker                  
   70                If your system doesn't allow you to set AcceptMutex to         
   71                anything different than flock or fcntl, you'll need to store   
   72       Notes    the lockfile inside the jail. Use:                             
   73                                                                               
   74                LockFile /var/run/httpd.lock                                   
   75 
   76 CoreDumpDirectory
   77 
   78    Description Directory where Apache attempts to switch before dumping core  
   79       MPMs     beos, leader, mpm_winnt, perchild, prefork, threadpool, worker 
   80                You don't need this one unless you're debugging Apache.        
   81                Default value for this directive is the directory set with     
   82                ServerRoot, which is usually owned by root; Apache is unable   
   83       Notes    to create the coredump there anyway and discards it. If you    
   84                really want to analyze the dumps, use:                         
   85                                                                               
   86                CoreDumpDirectory /var/run                                     
   87 
   88 ScoreBoardFile
   89 
   90    Description Location of the file used to store coordination data for the   
   91                child processes                                                
   92       MPMs     beos, leader, mpm_winnt, perchild, prefork, threadpool, worker 
   93                If this directive is not specified, Apache will try to use     
   94                shared memory. If your architecture doesn't support that, a    
   95       Notes    file will be used. If this is your case, use:                  
   96                                                                               
   97                ScoreBoardFile /var/run/httpd.scoreboard