chroot noob and apache

I'm trying to chroot apache 2 within the path /chroot.

I've satisfied the dev, lib and bin dependencies (or at least I don't
get any error messages about them on the console or in logs).  I also
created (physical) /chroot/etc/passwd containing one line
(www:x:1001:1001:www:/dev/null:/bin/false) and (physical)
/chroot/etc/group containing one line (www:x:1001:www).  In httpd.conf,
I set the User and Group directives to www.

When I run "chroot /chroot /bin/httpd", however, I get "httpd: bad user
name www".

I tried adding www to (physical) /etc/passwd and group and got the same
message.  When I added root to the chrooted passwd and group files and
"chroot /chroot"ed, ls -l returned UID and GIDs only.  I've undone both
of these changes already.

File permissions on /chroot/etc are root root 755 and permissions on
the files within are root root 644.

Obviously I'm doing something wrong... but what?

Re: chroot noob and apache

On Thu, 23 Feb 2006 12:15:25 -0800, david.m.mahon wrote:


It probably expects a "root" (or some other name) mapping to UID 0 to
exist for the main process, something like the following in /etc/passwd:



You'll only see names when "www" also exists in your non-chrooted
environment. Otherwise "cp" the "ls" binary (and anything "ldd" and/or
"strace" tells it needs) to your chroot and execute:

chroot /chroot /bin/ls -l


I don't think so. Look at the output of: 'ps -efaxu' and/or 'pstree -aup'
(on a non-chroot Apache) to see under which user(s) those processes run.



Re: chroot noob and apache wrote:


Got an nsswitch.conf in your /chroot/etc?

Got all the nss libs installed?


Re: chroot noob and apache

Thanks for your help.  Colin, you pointed me in the right direction.  I
had nsswitch.conf and the nss_files lib, but my chrooted nsswitch.conf
was looking for "compat" for password, group and shadow.  I switched
them to "files" and presto-chango, the chrooted filesystem works.

Excuse me while I kick myself for overlooking the (in hindsight)
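
The mismatch resolved in the last post (nsswitch.conf naming "compat" while only the nss_files library was in the chroot) can be checked mechanically. The script below is an added example, not part of the original thread; it assumes glibc's convention that a service named X is loaded from a libnss_X.so.2 file in the chroot's library directories, and its function names and demo tree are constructed for illustration. It only checks that the module file is present, not that the module's own dependencies resolve.

```shell
#!/bin/sh
# Added example (not from the thread): audit NSS lookups inside a chroot tree.

# Print the services configured for database $2 in nsswitch.conf file $1,
# with comments and [STATUS=action] items removed.
nss_services() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        sed -e 's/#.*//' -e 's/\[[^]]*]//g'
}

# Succeed if a libnss_<service>.so* file exists under the chroot's lib dirs.
has_nss_lib() {  # $1 = chroot root, $2 = service name
    for dir in lib lib64 usr/lib usr/lib64; do
        for f in "$1/$dir"/libnss_"$2".so* "$1/$dir"/*/libnss_"$2".so*; do
            [ -e "$f" ] && return 0
        done
    done
    return 1
}

# Return 0 if passwd, group and shadow each have a loadable service,
# 1 if one of them has none, 2 if nsswitch.conf is missing.
check_chroot_nss() {  # $1 = chroot root
    conf="$1/etc/nsswitch.conf"; rc=0
    [ -r "$conf" ] || { echo "FAIL  $conf missing"; return 2; }
    for db in passwd group shadow; do
        grep -q "^[[:space:]]*$db:" "$conf" ||
            { echo "SKIP  $db: no entry, libc default applies"; continue; }
        usable=""
        for svc in $(nss_services "$conf" "$db"); do
            if has_nss_lib "$1" "$svc"; then usable="$usable $svc"
            else echo "WARN  $db: no libnss_$svc.so* in chroot"; fi
        done
        if [ -n "$usable" ]; then echo "OK    $db:$usable"
        else echo "FAIL  $db: no usable service"; rc=1; fi
    done
    return "$rc"
}

# Constructed demo tree mirroring the thread: module present, config says compat.
demo=$(mktemp -d); mkdir -p "$demo/etc" "$demo/lib"
: > "$demo/lib/libnss_files.so.2"   # empty stand-in for the real module
printf '%s: compat\n' passwd group shadow > "$demo/etc/nsswitch.conf"
check_chroot_nss "$demo" || echo "=> 'User www' cannot be resolved"
printf '%s: files\n' passwd group shadow > "$demo/etc/nsswitch.conf"
check_chroot_nss "$demo" && echo "=> lookups resolve from /etc/passwd and /etc/group"
rm -rf "$demo"
```

Against a real tree, run `check_chroot_nss /chroot` before starting httpd; a FAIL line for passwd or group corresponds to the "bad user name" error from the first post.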
