Differences
This shows you the differences between two versions of the page.
| — |
litespeed_wiki:config:chroot [2015/07/29 16:00] (current) Michael Alegre created |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== LiteSpeed in chroot jail ====== | ||
| + | ===== What is chroot ===== | ||
| + | "chroot" is a feature on Unix like system which can change the root directory of a process. A changed root process and its children process cannot access any file beyond the new root directory. It is like putting a process in a jail with physical file access boundries and the reason why this mechanism is often referred to as "chroot jail". | ||
| + | |||
| + | ===== Why chroot a web server ===== | ||
| + | "chroot" is a great way to enhance the security of any web facing server. It is not possible to guarantee that a system will never be compromized by a hacker due to vulnerable software or CGI scripts. However, by running the server inside a chroot jail, potential damage can be minimized. | ||
| + | |||
| + | ===== How to setup chroot environment ===== | ||
| + | Setting up a correct "chroot" environment is not an easy task: one needs to provide a minimum set of directories, device nodes and shared libraries that application needs in order to function properly. | ||
| + | |||
| + | For a web server, the difficult part is building the proper chroot environment: finding out what shared libraries are required by CGI applications. | ||
| + | |||
| + | LiteSpeed server has built-in chroot support which can automatically build a working chroot environment with PHP support at installation time, and provide a general tool to help you identify missing files required by a CGI application. The chroot feature is only available with LiteSpeed Enterprise Edition. | ||