Enable Apache’s inbuilt chroot functionality
Posted in Operating Systems, Linux, Fedora, Debian, Red Hat, Services, Apache, Tips on Monday, June 16, 2014 by cam
This works on all versions of Apache webserver greater than 2.2.10.
I’ll presume you have a current working version of Apache serving files from /var/www/.
mkdir -p /chroot/var/
Required for PHP5 compatibility:
mkdir -p /chroot/var/lib/php5 /chroot/etc /chroot/usr/share
chown root:www-data /chroot/var/lib/php5
chmod 770 /chroot/var/lib/php5
cp /etc/localtime /chroot/etc/localtime
cp -R /usr/share/zoneinfo /chroot/usr/share/zoneinfo
cp -R /usr/share/apache2 /chroot/usr/share/apache2
mv /var/www /chroot/var/
To help with compatibility and user / sysadmin expectations:
ln -s /chroot/var/www /var/www
Enable Apache’s in-built chroot (Debian):
echo "ChrootDir /chroot" > /etc/apache2/conf.d/chroot
Enable Apache’s in-built chroot (Red Hat/CentOS/Fedora):
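echo "ChrootDir /chroot" >> /etc/httpd/conf/httpd.conf
semanage fcontext -a -t httpd_sys_content_t "/chroot/var/www(/.*)?"
# semanage only records the labelling rule; restorecon applies it to the files already there
restorecon -R /chroot/var/www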
service apache2 restart    # Debian
service httpd restart      # Red Hat/CentOS/Fedora
Now test your damn website! Logfiles are your friend for troubleshooting any bugs :-)
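A preflight check for the tree built above, useful before the restart and when the logs show missing files. This is an added example, not part of the original post. It goes beyond the listed paths by also flagging absolute symlinks whose targets do not exist inside the chroot; the function names and the sample tree are made up for illustration.

```sh
#!/bin/sh
# Added example. REQUIRED lists the paths the post creates under the chroot.
REQUIRED="var/www var/lib/php5 etc/localtime usr/share/zoneinfo usr/share/apache2"

# Print one finding per line for the chroot rooted at $1.
scan_chroot() {
    root=${1%/}
    for rel in $REQUIRED; do
        [ -e "$root/$rel" ] || echo "MISSING $rel"
    done
    # The post sets the PHP session directory to mode 770.
    if [ -d "$root/var/lib/php5" ] &&
       [ -z "$(find "$root/var/lib/php5" -prune -perm 770)" ]; then
        echo "MODE var/lib/php5 is not 770"
    fi
    # After chroot, "/" is $root, so an absolute symlink target has to
    # exist under $root or the link dangles for the running server.
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) [ -e "$root$target" ] || echo "DANGLING ${link#"$root"/} -> $target" ;;
        esac
    done
}

# Print findings and return 1 if there are any, else return 0.
check_chroot() {
    findings=$(scan_chroot "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree with two deliberate faults: usr/share/apache2 is
# absent and var/www/uploads points at a path outside the chroot.
make_sample() {
    mkdir -p "$1/var/www" "$1/var/lib/php5" "$1/etc" "$1/usr/share/zoneinfo"
    chmod 770 "$1/var/lib/php5"
    : > "$1/etc/localtime"
    ln -s /srv/uploads "$1/var/www/uploads"
}

# No argument: demonstrate on the constructed tree. Otherwise check "$1".
if [ $# -eq 0 ]; then
    demo=$(mktemp -d) && make_sample "$demo"
    check_chroot "$demo" || true; rm -rf "$demo"
else
    check_chroot "$1"
fi
```

Run it as `sh check.sh /chroot` (the file name is arbitrary); a non-zero exit status means at least one finding was printed.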