Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
litespeed_wiki:chroot [2015/07/29 15:58] Michael Alegre [Why chroot a web server] |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== LiteSpeed in chroot jail ====== | ||
- | ===== What is chroot ===== | ||
- | "chroot" is a feature on Unix like system which can change the root directory of a process. A changed root process and its children process cannot access any file beyond the new root directory. It is like putting a process in a jail with physical file access boundries and the reason why this mechanism is often referred to as "chroot jail". | ||
- | |||
- | ===== Why chroot a web server ===== | ||
- | "chroot" is a great way to enhance the security of any web facing server. It is not possible to guarantee that a system will never be compromized by a hacker due to vulnerable software or CGI scripts. However, by running the server inside a chroot jail, potential damage can be minimized. | ||
- | |||
- | ===== How to setup chroot environment ===== | ||
- | Setting up a correct "chroot" environment is not an easy task: one needs to provide a minimum set of directories, device nodes and shared libraries that application needs in order to function properly. | ||
- | |||
- | For a web server, the difficult part is building the proper chroot environment: finding out what shared libraries are required by CGI applications. | ||
- | |||
- | LiteSpeed server has built-in chroot support which can automatically build a working chroot environment with PHP support at installation time, and provide a general tool to help you identify missing files required by a CGI application. chroot feature is only available with LiteSpeed Enterprise Edition. |