IT Dribble

Mutterings, inconsistant tips, rants and randomness

Operating Systems, Linux, Fedora, Debian, Red Hat, Services, Apache, Tips

Enable Apache’s inbuilt chroot functionality

by

This works on all versions of Apache webserver greater than 2.2.10.
I’ll presume you have a current working version of Apache serving files from /var/www/

mkdir -p /chroot/var/ 

Required for PHP5 compatibility:

mkdir -p /chroot/var/lib/php5
chown root:www-data /chroot/var/lib/php5
chmod 770 /chroot/var/lib/php5
cp /etc/localtime /chroot/etc/localtime
cp -R /usr/share/zoneinfo /chroot/usr/share/zoneinfo
cp -R /usr/share/apache2 /chroot/usr/share/apache2 
mv /var/www /chroot/var/ 

To help with compatibility and user / sysadmin expectations

ln -s /chroot/var/www /var/www 

Enable Apache’s in-built chroot (Debian)

echo "ChrootDir /chroot" > /etc/apache2/conf.d/chroot 

Enable Apache’s in-built chroot (Redhat/CentOS/Fedora)

echo "ChrootDir /chroot" >> /etc/httpd/conf/httpd.conf 
semanage fcontext -a -t httpd_sys_content_t “/chroot/var/www(/.*)?”

service apache2 restart 

Now test your damn website! Logfiles are your friend for troubleshooting any bugs :-)