httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Trainor <>
Subject Re: [users@httpd] SSL & mod_chroot
Date Tue, 08 Feb 2005 14:55:32 GMT
John wrote:
> mod_chroot chroot() every apache process.
> Is that suEXEC does?
> ----- Original Message ----- 
> From: "Dan Trainor" <>
> To: <>
> Sent: Tuesday, February 08, 2005 4:29 PM
> Subject: Re: [users@httpd] SSL & mod_chroot
>>John wrote:
>>>Hello all
>>>Has anyone tried to mod_chroot apache 1.x or 2.x (enabling also mod_ssl)
> ?
>>I have not tinkered with this, but I have become quite familiar with
>>suEXEC'ing under Apache 1.3.  I believe that I will stick with suEXEC
>>indefinately because it's an actual built-in element to Apache (once
>>enabled), and I think that the Apache team would know their own security
>>better than anyone else.
>>I think suEXEC'ing in a shared hosting environment is better, because
>>access can be more strictly controlled when dealing with individual
>>users - not to say that some users should have more privileges than
>>others, but... yea.
>>mod_chroot looks rather interesting, I'm going to take a look at it.

For the mostpart, yes.  BUt I've found it particularly useful because it 
chroot's every process to a specific username specified in whichever 
configuration you give it.  This way, I can give all my customers unique 
user ID's, and lock them down tightly.  I believe that this procedure 
gives the admin more flexibility, especially when dealing with 
permissions that may be specific to one site, installation, domain, 
setup, whatever.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message