httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matus UHLAR - fantomas <uh...@fantomas.sk>
Subject Re: [users@httpd] chrooted V non-chrooted
Date Mon, 22 Jun 2009 14:38:32 GMT
On 16.06.09 17:11, Igor Cicimov wrote:
> Running apache in chroot adds another layer of security. You can chroot the
> apache server and copy over all the libraries you need and only the programs
> you need like /bin/sh lets say to start/stop the server. In that way any
> security issue or intruder will end up in "jail" and have limited programs
> to run. Also what ever damage he/she might cause will be in the chroot
> enviroment, which you can esally recover, and not in your real root.
> 
> We run all our company production servers in chroot.

we use FreeBSD jail and linux vservers in the same manner. They also prevent
from using other IP addresses and access to our internal network (the data
files are nfs-mounter from an internal server).

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message