cgi chroot

Discussion in 'CGI/Perl/Python' started by subhuti, Feb 23, 2011.

  1. subhuti

    subhuti New Member

    Hello!
    I've found interesting information on your website

    (http://www.litespeedtech.com/docs/webserver/security/)
    also
    I see interesting options in the litespeed admin console
    such as "ExtApp Chroot Mode"
    I've changed it to virtualhost root but I was able to access system files from cgi (for example python "print open('/etc/passwd','r').read() )
    so I'm trying to figure out what does all this means:
    I understand that I can put litespeed server in chroot but how I can put separate cgi script in chroot
  2. mistwang

    mistwang LiteSpeed Staff

    You need to build the jail environment for the script, otherwise, it wont work.
    If you want per account chroot, you may have to use Cloud Linux SecureLVE, otherwise, it is pretty hard to maintain the chroot jail. Our 4.0.20 release should support SecureLVE on plain centos.
  3. subhuti

    subhuti New Member

    so, in future I have to create SecureLVE with securelve_user <domain_owner> (actually I already use this). Enable virtual host chroot and create document root path like /var/securelve/username/var/www/<vhost.domain.com>/httpdocs/ ?

    and what will give this SecureLVE option in litespeed ? what difference between LVE and SecureLVE options ?
  4. webizen

    webizen New Member

  5. subhuti

    subhuti New Member

Share This Page