httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard <guy...@telpacific.com.au>
Subject CGIwrap's chroot
Date Thu, 01 Jan 1970 00:00:00 GMT
I am working on CGIWrap these days. I install this
because I want to limit the user in certain directories.
But, I cann't work this out.

All my virtual hosts are under the directory /home/clients
eg. /home/clients/site1, /home/clients/site2
all these sites' html files are located in
/home/clients/username/http
and the cgi-bin directory is at
/home/clients/username/cgi-bin

All these users are in the same group 'clients'.

I configure the cgiwrap with
./configure --with-cgi-dir=cgi-bin --with-install-dir=/usr/local/cgiwrap --with-httpd-user=nobody
--with-install-group=wheel --with-chroot=../..
Then compile it.

I added the following settings in my httpd.conf in apache
<VirtualHost 192.168.0.2>
DocumentRoot /home/clients/123
ServerName site123
ScriptAlias /cgi-bin/ /usr/local/cgiwrap/
UserDir http
ScriptAliasMatch ~(.*)/cgi-bin/(.*) /home/clients/$1/cgi-bin/$2
</VirtualHost>

I use http://site123/cgi-bin/cgiwrap/123/env.cgi to test. Everything
seems to be well. However, I noticed that I can still go to
/  or /usr by using system() or readdir. Obveriously, the CHROOTing
is not working properly.

Then I tried 
--with-chroot=/					the same problem.
--with-chroot=..				CGI cann't execute
--with-chroot=/home/clients		CGI cann't execute

I tried sbox, with configuration
#define ROOT "../.."
#define CGI_BIN "../cgi-bin"
Everything goes well, and I can limit the users in a directory.
However, sbox does not seem to support a lot of Perl scripts.
Many scripts cann't execute after I installed the sbox.

Can anyon know how to work out the Chroot in CGIwrap?

Anyone who can help me will be very appreciated.

Thank you.

Richard
Mime
View raw message