Wiki
 

LiteSpeed in chroot jail

What is chroot

“chroot” is a feature on Unix like system which can change the root directory of a process. A changed root process and its children process cannot access any file beyond the new root directory. It is like putting a process in a jail with physical file access boundries and the reason why this mechanism is often referred to as “chroot jail”.

Why chroot a web server

“chroot” is a great way to enhance the security of any web facing server. It is not possible to guarantee that a system will never be compromized by a hacker due to vulnerable software or CGI script. However, by running the server inside a chroot jail, potential damage can be minimized.

How to setup chroot environment

Setting up a correct “chroot” environment is not an easy task: one needs to provide a minimum set of directories, device nodes and shared libraries that application needs in order to function properly.

For a web server, the difficult part is buildig the proper chroot environment: finding out what shared libraries are required by CGI applications.

LiteSpeed server has built-in chroot support which can automatically build a working chroot environment whith PHP support at installation time, and provide a general tool to help you identify missing files required by a CGI application. chroot feature is only available with LiteSpeed Enterprise Edition.

 
litespeed_wiki/chroot.txt · Last modified: 2006/08/24 22:21 (external edit)