Hi developers.
I apologize for my bad English, had to use the services of google.
1. create a folder chroot
2. installing lsws 4.1.24 Ent to /chroot/lsws , in the installation activate the option chroot to folder /chroot
-------------------------
immediately see the problem, the control panel does not start: error: 2012-06-19 11:34:49.824 [STDERR] lscgid: chdir():/lsws/admin/fcgi-bin/: No such file or directory
temp fix this problem: ln -s /chroot/lsws /lsws
Well, start up an administrative panel.
an see on the disk 2 folders:
/chroot/tmp/lshttpd
and
/tmp/lshttpd
In admin panel i see error: 2012-06-19 12:20:42.201 ERROR Failed to open the status report: /chroot/tmp/lshttpd/.status.tmp!
before starting lsws to do command: mount --bind /tmp/lshttpd /chroot//tmp/lshttpd
3. The server is configured as follows:
Configuration -> Server ->
Enable chroot: Yes
Chroot path: /croot
Virtual Host Template -> PHP_SuEXEC -> Security
ExtApp Resource Control
ExtApp Chroot Mode -> Same as Server
In my opinion Chroot fully configured.
Restart the server to be sure that the configuration is applied.
The tests are performed on the virtual server is configured by default.
Change /chroot/lsws/DEFAULT/html/phpinfo.php
-------------------------
<HTML>
<BODY>
<?php
print_r(system("ls -l /"));
// phpinfo()
?>
</BODY>
</HTML>
----------------------------
The output of the script was surprised:
<HTML>
<BODY>
total 25
drwxr-xr-- 6 root root 368 Sep 19 2011 backup
drwxr-xr-x 2 root root 2672 Feb 11 2010 bin
drwxr-xr-x 4 root root 1024 Feb 16 2010 boot
drwxr-xr-x 9 root root 216 Jun 19 11:29 chroot
drwxr-xr-x 15 root root 3680 Jun 18 03:10 dev
drwxr-xr-x 62 root root 4408 Jun 19 11:54 etc
drwxr-xr-x 10 root root 264 Apr 11 2011 home
lrwxrwxrwx 1 root root 5 Apr 22 2010 lib -> lib64
drwxr-xr-x 3 root root 3728 Apr 22 2010 lib32
drwxr-xr-x 13 root root 4696 Jan 9 2011 lib64
lrwxrwxrwx 1 root root 12 Jun 19 11:38 lsws -> /chroot/lsws
drwxr-xr-x 5 root root 144 Jul 23 2009 mnt
drwxr-xr-x 10 root root 224 Oct 13 2010 opt
dr-xr-xr-x 250 root root 0 Mar 10 2011 proc
drwx------ 15 root root 632 Nov 25 2011 root
drwxr-xr-x 2 root root 5264 Oct 21 2010 sbin
drwxr-xr-x 2 root root 168 Nov 25 2009 service
drwxr-xr-x 12 root root 0 Mar 10 2011 sys
drwxrwxrwt 16 root root 3232 Jun 19 12:00 tmp
drwxr-xr-x 16 root root 512 Sep 3 2010 usr
drwxr-xr-x 15 root root 384 Aug 4 2009 var
drwxr-xr-x 15 root root 384 Aug 4 2009 var</BODY>
</HTML>
Those, php lsapi of running out of /chroot.
But it is not the last strange thing.
Internal variables $VH_ROOT and $DOC_ROOT, calculated by adding the prefix /chroot
instead of the expected( /lsws/DEFAULT and /lsws/DEFAULT/html): /chroot/lsws/DEFAULT and /chroot/lsws/DEFAULT/html
If you are using an depricated open_base_dir, the situation is more complicated
Target file must be available both, inside chroot, and outside.
If you have the target file is available only outside chroot, you will get the expected 403.
If you have the target file is only available within the chroot, you get a blank page, without a errors in the server logfiles.
In my opinion, at the moment enable Chroot in lsws does not make sense. Requires a serious revision of this issue.
Pavlo.
I apologize for my bad English, had to use the services of google.
1. create a folder chroot
2. installing lsws 4.1.24 Ent to /chroot/lsws , in the installation activate the option chroot to folder /chroot
-------------------------
immediately see the problem, the control panel does not start: error: 2012-06-19 11:34:49.824 [STDERR] lscgid: chdir():/lsws/admin/fcgi-bin/: No such file or directory
temp fix this problem: ln -s /chroot/lsws /lsws
Well, start up an administrative panel.
an see on the disk 2 folders:
/chroot/tmp/lshttpd
and
/tmp/lshttpd
In admin panel i see error: 2012-06-19 12:20:42.201 ERROR Failed to open the status report: /chroot/tmp/lshttpd/.status.tmp!
before starting lsws to do command: mount --bind /tmp/lshttpd /chroot//tmp/lshttpd
3. The server is configured as follows:
Configuration -> Server ->
Enable chroot: Yes
Chroot path: /croot
Virtual Host Template -> PHP_SuEXEC -> Security
ExtApp Resource Control
ExtApp Chroot Mode -> Same as Server
In my opinion Chroot fully configured.
Restart the server to be sure that the configuration is applied.
The tests are performed on the virtual server is configured by default.
Change /chroot/lsws/DEFAULT/html/phpinfo.php
-------------------------
<HTML>
<BODY>
<?php
print_r(system("ls -l /"));
// phpinfo()
?>
</BODY>
</HTML>
----------------------------
The output of the script was surprised:
<HTML>
<BODY>
total 25
drwxr-xr-- 6 root root 368 Sep 19 2011 backup
drwxr-xr-x 2 root root 2672 Feb 11 2010 bin
drwxr-xr-x 4 root root 1024 Feb 16 2010 boot
drwxr-xr-x 9 root root 216 Jun 19 11:29 chroot
drwxr-xr-x 15 root root 3680 Jun 18 03:10 dev
drwxr-xr-x 62 root root 4408 Jun 19 11:54 etc
drwxr-xr-x 10 root root 264 Apr 11 2011 home
lrwxrwxrwx 1 root root 5 Apr 22 2010 lib -> lib64
drwxr-xr-x 3 root root 3728 Apr 22 2010 lib32
drwxr-xr-x 13 root root 4696 Jan 9 2011 lib64
lrwxrwxrwx 1 root root 12 Jun 19 11:38 lsws -> /chroot/lsws
drwxr-xr-x 5 root root 144 Jul 23 2009 mnt
drwxr-xr-x 10 root root 224 Oct 13 2010 opt
dr-xr-xr-x 250 root root 0 Mar 10 2011 proc
drwx------ 15 root root 632 Nov 25 2011 root
drwxr-xr-x 2 root root 5264 Oct 21 2010 sbin
drwxr-xr-x 2 root root 168 Nov 25 2009 service
drwxr-xr-x 12 root root 0 Mar 10 2011 sys
drwxrwxrwt 16 root root 3232 Jun 19 12:00 tmp
drwxr-xr-x 16 root root 512 Sep 3 2010 usr
drwxr-xr-x 15 root root 384 Aug 4 2009 var
drwxr-xr-x 15 root root 384 Aug 4 2009 var</BODY>
</HTML>
Those, php lsapi of running out of /chroot.
But it is not the last strange thing.
Internal variables $VH_ROOT and $DOC_ROOT, calculated by adding the prefix /chroot
instead of the expected( /lsws/DEFAULT and /lsws/DEFAULT/html): /chroot/lsws/DEFAULT and /chroot/lsws/DEFAULT/html
If you are using an depricated open_base_dir, the situation is more complicated
Target file must be available both, inside chroot, and outside.
If you have the target file is available only outside chroot, you will get the expected 403.
If you have the target file is only available within the chroot, you get a blank page, without a errors in the server logfiles.
In my opinion, at the moment enable Chroot in lsws does not make sense. Requires a serious revision of this issue.
Pavlo.
Last edited:
