
Building an Apache chroot environment with Jailkit on CentOS 5.4

2020-10-27

1. Download rpmforge-release-0.5.2-2.el6.rf.i686.rpm (or the x86_64 build)

i686 http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
x86_64 http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

Note: these are the EL6 builds of the RepoForge release package, while the post targets CentOS 5.4; on CentOS 5 install the matching el5 build, otherwise the repository file will point yum at EL6 packages. RepoForge (packages.sw.be / apt.sw.be) has since shut down, so these URLs no longer resolve and a mirror of the repository is needed.

2. Install DAG's GPG key

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

The key is fetched over plain HTTP, so compare its fingerprint with a copy obtained through a trusted channel before installing anything signed with it (rpm -qa gpg-pubkey* lists the imported keys).

3. Install the rpmforge-release package

rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm

4. Install Jailkit (the package name is lowercase; yum is case-sensitive)

yum install jailkit

5. Configure Jailkit

Back up the original configuration file:

cd /etc/jailkit/
cp jk_init.ini jk_init.ini.bak

Edit jk_init.ini:

vi jk_init.ini

Append an [ldconfig] section at the bottom:

[ldconfig]
paths = /sbin/ldconfig
regularfiles = /etc/ld.so.conf

Find the [uidbasics] section:

[uidbasics]
# this section probably needs adjustment on 64bit systems
# or non-Linux systems
comment = common files for all jails that need user/group information
paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2, /etc/nsswitch.conf, /etc/ld.so.conf

Remove /etc/ld.so.conf from its paths line (the new [ldconfig] section now provides it) and add the following line:

includesections = ldconfig

Find the [apache] section:

[apache]
comment = the apache webserver, very basic setup, probably too limited for you
paths = /usr/sbin/apache
users = root, www-data
groups = root, www-data
includesections = netbasics, uidbasics

Change it to:

[apache]
comment = the apache webserver, very basic setup, probably too limited for you
paths = /usr/sbin/apachectl, /usr/sbin/httpd, /etc/php.ini, /etc/localtime
users = root, apache
groups = root, apache
regularfiles = /etc/mime.types
directories = /etc/httpd, /var/www/html, /var/lock/subsys, /var/log/httpd, /etc/php.d, /usr/share/zoneinfo, /var/lib/php/session
includesections = netbasics, uidbasics, editors, basicshell
devices = /dev/urandom, /dev/null

Create the directory that Apache will be chrooted into; it must be owned by root and not writable by anyone else:

mkdir /home/apache
chown root:root /home/apache
chmod 0755 /home/apache

Populate the jail with the files and libraries Apache depends on, as listed in the [apache] section:

jk_init -j /home/apache apache

Start Apache:

apachectl start

Some small problems will show up along the way; create or copy the missing files into the jail by hand as required (php.ini, for example).
That completes the chroot environment.
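Before handing the jail to mod_chroot it is worth auditing what jk_init and the hand-copied files actually put there. The script below is an added example, not part of the original post or of Jailkit (which ships its own jk_check for this purpose); it takes the jail root and the run user as arguments, and make_sample_jail builds a throwaway jail in a temporary directory purely to show the checks firing:

```shell
#!/bin/sh
# Added example, not from the original post: audit a Jailkit jail for the
# usual chroot weaknesses before pointing mod_chroot at it. Paths, the run
# user and the sample jail are assumptions made for the demonstration.

# report LABEL: read paths on stdin, print each to stderr, echo how many
report() {
    n=0
    while IFS= read -r path; do
        echo "$1: $path" >&2
        n=$((n + 1))
    done
    echo "$n"
}

# audit_jail JAIL [RUNUSER]: echo the number of findings (0 = clean)
audit_jail() {
    jail=${1%/}
    runuser=${2:-apache}

    # setuid/setgid binaries are the classic chroot escape; nothing in a
    # web server jail should carry these bits
    suid=$(find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) | report "setuid/setgid")

    # world-writable files or directories (sticky /tmp-style dirs excepted)
    # let the web user replace libraries, php.ini or nsswitch.conf
    ww=$(find "$jail" -xdev \( -type f -o -type d \) -perm -0002 ! -perm -1000 | report "world-writable")

    # device nodes belong only under JAIL/dev, and only those jk_init was
    # told to create (/dev/null and /dev/urandom in the post's config)
    dev=$(find "$jail" -xdev \( -type b -o -type c \) ! -path "$jail/dev/*" | report "device outside /dev")

    # anything owned by the run user outside its expected writable areas is
    # writable by a compromised httpd process (injected .so or .ini files)
    owned=0
    if id "$runuser" >/dev/null 2>&1; then
        owned=$(find "$jail" -xdev -user "$runuser" \
                ! -path "$jail/var/lib/php/session*" \
                ! -path "$jail/var/log/*" \
                ! -path "$jail/var/lock/*" | report "owned by $runuser")
    fi

    echo $((suid + ww + dev + owned))
}

# make_sample_jail: constructed demo jail with one setuid file and one
# world-writable directory; echoes its path
make_sample_jail() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/sbin" "$d/dev" "$d/var/www/html" "$d/tmp"
    printf '#!/bin/sh\n' > "$d/usr/sbin/httpd"
    chmod 0755 "$d/usr/sbin/httpd"
    printf '#!/bin/sh\n' > "$d/usr/sbin/suexec"
    chmod 4755 "$d/usr/sbin/suexec"      # finding: setuid
    chmod 1777 "$d/tmp"                  # sticky, so not reported
    chmod 0777 "$d/var/www/html"         # finding: world-writable
    echo "$d"
}

# Against the jail built in the post:
#   audit_jail /home/apache apache
```

Run it as root against /home/apache after jk_init and again after every file you copy in by hand; a non-zero count means something in the jail gives the apache user more than a chroot is meant to allow.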

2. Configure Apache

Download, build and install mod_chroot (apxs -i copies the module into Apache's modules directory and -a adds a LoadModule line to httpd.conf):

# wget http://core.segfault.pl/~hobbit/mod_chroot/dist/mod_chroot-0.5.tar.gz
# tar -zxvf mod_chroot-0.5.tar.gz
# cd mod_chroot-0.5
# apxs -cia mod_chroot.c

Edit /etc/httpd/conf/httpd.conf. Change

PidFile run/httpd.pid

to

PidFile /var/run/httpd.pid

and add after it:

ChrootDir /home/apache

After ServerRoot "/etc/httpd" add:

LockFile /var/run/httpd.lock
CoreDumpDirectory /var/run
ScoreBoardFile /var/run/httpd.scoreboard

mod_chroot calls chroot() during startup, before Apache creates its pid, lock and scoreboard files, so these absolute paths are resolved inside the jail: /var/run/httpd.pid really ends up at /home/apache/var/run/httpd.pid (which is why the init script is patched below). Make sure /home/apache/var/run exists, is owned by root and is not writable by the apache user.

Load the chroot module (pick the line for your architecture; apxs -a may already have added an equivalent line during the build, so keep only one LoadModule chroot_module line):

64 位:LoadModule chroot_module /usr/lib64/httpd/modules/mod_chroot.so
32 位:LoadModule chroot_module /usr/lib/httpd/modules/mod_chroot.so
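The directives above only work because they are resolved after chroot(), so the directories they point at must exist inside the jail. The following added example (not from the original post or from mod_chroot) reads a httpd.conf, pulls out ChrootDir, PidFile, LockFile, ScoreBoardFile and CoreDumpDirectory, and reports paths that are relative or whose directory is missing under the jail. The configuration it checks is constructed inline; the directive names are Apache 2.2's, the helper names are assumptions of this example:

```shell
#!/bin/sh
# Added example, not from the original post: check that the httpd.conf
# paths mod_chroot makes jail-relative actually resolve inside the jail.
# Helper names and the sample configuration are assumptions.

# conf_value CONF DIRECTIVE: last value of DIRECTIVE in CONF (empty if unset)
conf_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$1" | tr -d '"'
}

# check_chroot_conf CONF: echo the number of problems, details on stderr
check_chroot_conf() {
    conf=$1
    problems=0
    jail=$(conf_value "$conf" ChrootDir)
    if [ -z "$jail" ]; then
        echo "no ChrootDir directive: mod_chroot will not chroot at all" >&2
        echo 1
        return 0
    fi
    jail=${jail%/}
    if [ ! -d "$jail" ]; then
        echo "ChrootDir $jail does not exist" >&2
        problems=$((problems + 1))
    fi
    for directive in PidFile LockFile ScoreBoardFile CoreDumpDirectory; do
        value=$(conf_value "$conf" "$directive")
        [ -n "$value" ] || continue
        case $value in
            /*) ;;
            *)  # relative values resolve against ServerRoot, which is why the
                # post switches PidFile to an absolute path
                echo "$directive $value is relative; use an absolute path inside the jail" >&2
                problems=$((problems + 1))
                continue ;;
        esac
        # CoreDumpDirectory names a directory, the others name a file
        case $directive in
            CoreDumpDirectory) dir=$value ;;
            *) dir=$(dirname "$value") ;;
        esac
        # after chroot() the kernel resolves /var/run as JAIL/var/run
        if [ ! -d "$jail$dir" ]; then
            echo "$directive $value: $jail$dir is missing inside the jail" >&2
            problems=$((problems + 1))
        fi
    done
    echo "$problems"
}

# make_sample_conf JAIL PIDFILE: constructed httpd.conf fragment mirroring
# the post's directives; echoes the temp file name
make_sample_conf() {
    jail=$1
    f=$(mktemp)
    cat > "$f" <<EOF
ServerRoot "/etc/httpd"
LockFile /var/run/httpd.lock
CoreDumpDirectory /var/run
ScoreBoardFile /var/run/httpd.scoreboard
PidFile $2
ChrootDir $jail
EOF
    echo "$f"
}

# On the live system:
#   check_chroot_conf /etc/httpd/conf/httpd.conf
```

Run this before `service httpd restart`; a report of a missing /home/apache/var/run is exactly the failure that otherwise shows up as httpd dying right after the "mod_chroot: changed root" log line.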

Edit /etc/init.d/httpd:

vi /etc/init.d/httpd

After HTTPD_LANG=${HTTPD_LANG-"C"} add:

ROOT=/home/apache

Find:

stop() {
    echo -n $"Stopping $prog: "
    killproc -d 10 $httpd
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

and change it to:

stop() {
    # httpd writes its pid file inside the jail (after chroot), so give
    # killproc a symlink at the path the init script expects; -f replaces
    # a symlink left behind by an earlier stop instead of failing on it
    /bin/ln -sf $ROOT/var/run/httpd.pid /var/run/httpd.pid
    echo -n $"Stopping $prog: "
    killproc -d 10 $httpd
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

Save and restart:

service httpd restart

The error log should then show something like:

[Thu Jan 27 20:56:39 2011] [notice] core dump file size limit raised to 4294967295 bytes
[Thu Jan 27 20:56:39 2011] [notice] SELinux policy enabled; httpd running as context root:system_r:httpd_t
[Thu Jan 27 20:56:39 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 27 20:56:39 2011] [notice] Digest: generating secret for digest authentication ...
[Thu Jan 27 20:56:39 2011] [notice] Digest: done
[Thu Jan 27 20:56:39 2011] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Thu Jan 27 20:56:39 2011] [notice] mod_chroot: changed root to /home/apache.
[Thu Jan 27 20:56:39 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations

That's it.
If PHP sessions fail to start, check the permissions of the session directory inside the jail (/home/apache/var/lib/php/session, per the directories list above):

chown -R apache:apache /home/apache/var/lib/php/session

Note: when connecting to a database, use 127.0.0.1 rather than localhost. MySQL clients, for example, treat localhost as "connect through the Unix socket", and that socket is outside the jail; 127.0.0.1 forces a TCP connection.
