DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 18th April 2015
morophla morophla is offline
Port Guard
 
Join Date: Apr 2015
Posts: 10
Thanked 0 Times in 0 Posts
Default httpd.conf chroot

Hi!

I try to set the global chroot option in httpd.conf in openbsd 5.6 as said in the man page (httpd 8) but I get a syntax error.

In httpd.conf:

chroot /chroot/home

Is this option removed or moved anywhere else?

Thanks!

Last edited by morophla; 19th April 2015 at 12:19 AM.
Reply With Quote
  #2   (View Single Post)  
Old 19th April 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 4,283
Thanked 214 Times in 189 Posts
Default

The man page might not be completely clear. I've just tested and found that while your syntax fails, adding quotation marks, as shown below, is valid.
Code:
chroot "/chroot/home"
I hope this helps.
Reply With Quote
  #3   (View Single Post)  
Old 19th April 2015
morophla morophla is offline
Port Guard
 
Join Date: Apr 2015
Posts: 10
Thanked 0 Times in 0 Posts
Default

Yes, there's no more syntax error message with quotes but the server doesn't start this way. No error message but it doesn't start.

If I comment the chroot line the server works perfectly.

The man page said we can use this option, but how?
Reply With Quote
  #4   (View Single Post)  
Old 19th April 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 4,283
Thanked 214 Times in 189 Posts
Default

You must provide the infrastructure required by httpd within the chroot. I recommend copying /var/www's directory structure into your /chroot/home -- you'll need a logs directory at minimum, and you may need other structures already found in /var/www. Copying all of them is probably easiest.

You can run httpd in a console with -d, for testing, and you can add one (or more ) -v options to produce debug output.

Just in case you are not already aware of it ... there are reliability (#9) and security (#15) patches for httpd available for 5.6-release.
Reply With Quote
  #5   (View Single Post)  
Old 19th April 2015
morophla morophla is offline
Port Guard
 
Join Date: Apr 2015
Posts: 10
Thanked 0 Times in 0 Posts
Default

Ok, cool. The process starts and the chroot is moved!

Thanks!
Reply With Quote
Reply

Tags
httpd.conf chroot

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ftp jailing ftp-chroot pico OpenBSD Security 4 30th March 2010 06:44 AM
Chroot web-browsing Oko OpenBSD Security 1 29th December 2008 01:37 PM
Update httpd.conf IPs from DNS zones. bigb89 Programming 16 2nd December 2008 02:02 AM
httpd.conf Snoop1990 General software and network 5 29th July 2008 04:30 AM
apache 2.2.8 , is it on chroot by default? superslot OpenBSD Security 9 30th June 2008 11:56 AM


All times are GMT. The time now is 02:51 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick