httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] chrooted V non-chrooted
Date Tue, 16 Jun 2009 07:11:48 GMT
Running apache in chroot adds another layer of security. You can chroot the
apache server and copy over all the libraries you need and only the programs
you need like /bin/sh lets say to start/stop the server. In that way any
security issue or intruder will end up in "jail" and have limited programs
to run. Also what ever damage he/she might cause will be in the chroot
enviroment, which you can esally recover, and not in your real root.

We run all our company production servers in chroot.

Cheers,

Igor

On Mon, Jun 15, 2009 at 6:40 PM, Fred Zinsli <fred.zinsli@shooter.co.nz>wrote:

> Hello everyone
>
> I can't seem to get my head around this chrooted and non-chrooted apache
> server thing at all.
>
> What are the pros & cons, advantages or dissadvantages of chrooted over
> non-chrooted apache servers.
>
> In a nutshell, is a preferable to run apache chrooted on a production
> server or not?
>
> Curently my public server is not chrooted but I am planning a major
> upgrade and I thought this would be a good opertunity to change my apache
> configuration at the same time if it was warranted.
>
> The server is currently configured for name based virtual hosts.
>
> Any comments would be most appreciated.
>
> Regards
>
> Fred
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message