LiteSpeed in chroot jail

“chroot” is a feature of Unix-like systems that changes the root directory of a process. A process whose root has been changed, and its child processes, cannot access any file outside the new root directory. It is like putting the process in a jail with physical file access boundaries, which is why this mechanism is often referred to as a “chroot jail”.

“chroot” is a great way to enhance the security of any web-facing server. It is not possible to guarantee that a system will never be compromised by a hacker through vulnerable software or CGI scripts. However, by running the server inside a chroot jail, potential damage can be minimized.

Setting up a correct “chroot” environment is not an easy task: one needs to provide the minimum set of directories, device nodes and shared libraries that the application needs in order to function properly.

For a web server, the difficult part of building a proper chroot environment is finding out which shared libraries are required by CGI applications.
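The shared-library check described above can be done by hand with ldd. The script below is an added example, not LiteSpeed's bundled tool or code from the original page; the function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report shared libraries that are absent from a chroot tree.
# Run ldd only on binaries you trust; some versions may execute the
# program in order to resolve its dependencies.

# Constructed sample of ldd output (not captured from a real system).
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd0a1f2000)
    libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007f1c2a400000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a000000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1c2a800000)'

# Read ldd output on stdin, print the absolute path of every real library.
# The vdso has no file and is skipped; "not found" entries go to stderr.
ldd_paths() {
    while read -r first arrow path rest; do
        if [ "$arrow" = "=>" ]; then
            case "$path" in
                /*)  printf '%s\n' "$path" ;;
                not) printf 'unresolved on host: %s\n' "$first" >&2 ;;
            esac
        else
            case "$first" in
                /*) printf '%s\n' "$first" ;;   # the dynamic loader itself
            esac
        fi
    done
}

# Read library paths on stdin, print those missing under chroot root $1.
# Checked from outside the jail, so an absolute symlink inside the jail
# resolves against the host root; verify such links by hand.
missing_in_jail() {
    root=${1%/}
    while read -r lib; do
        [ -e "$root$lib" ] || printf '%s\n' "$lib"
    done
}

# check_binary CHROOT_ROOT BINARY: libraries BINARY needs that the jail lacks.
check_binary() {
    ldd "$2" | ldd_paths | sort -u | missing_in_jail "$1"
}

if [ "$#" -eq 2 ]; then
    check_binary "$1" "$2"
fi
```

Invoked as `sh script.sh /path/to/chroot /path/to/cgi-binary`, it prints one missing library path per line; an empty result means every library the host resolves is also present in the jail.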

LiteSpeed server has built-in chroot support, which can automatically build a working chroot environment with PHP support at installation time, and provides a general tool to help you identify missing files required by a CGI application. The chroot feature is only available with LiteSpeed Enterprise Edition.

  • Last modified: 2015/07/29 16:00
  • by Michael Alegre