IBM developerWorks : Security : Education - Tutorials
Securing your Web server
4. Jailing your Web users
  


Editing the configuration and startup files (page 10 of 13)


One final step remains before testing the chrooted server: editing several server configuration files, the syslogd script, and the initialization file that starts the httpd daemon on system boot.

First, edit /chroot/httpd/etc/httpd.conf to account for any changes you have made to file locations. If your directory structure is identical to the previous installation, no edits are necessary. Keep in mind that Apache reads and interprets the httpd.conf configuration file with respect to the ServerRoot directive. As long as you have made no directory changes relative to this "root" location, moving Apache down into the chroot directory tree has no impact on where the server expects to find its various components. Once you have completed any necessary edits, "lock down" the contents of /chroot/httpd/etc by setting the immutable bit on all files:


[root@thor root ]# chattr +i /chroot/httpd/etc/*

This ensures that no one -- not even root -- can edit these files. Before any changes can be made, the root user must explicitly reverse the immutable bit (chattr -i filename).
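
The * glob in the chattr command above does not match dotfiles or descend into subdirectories, so it is worth checking the result after locking down. The following is an added example, not part of the original tutorial: it parses lsattr -aR output and lists every path that is missing the immutable flag. The sample listing and all file names other than httpd.conf are constructed.

```shell
#!/bin/sh
# Added example: list paths under a config directory that lack the immutable bit.
# Parsing is kept separate from the lsattr call so it can be checked against
# sample output without root or an ext2/3/4 filesystem.

# Read "lsattr -aR" output on stdin; print each path whose flag field has no "i".
mutable_paths() {
    awk '
        NF < 2               { next }   # blank lines and "dir:" recursion headers
        $1 !~ /^[-A-Za-z]+$/ { next }   # first field is not an attribute string
        {
            path = $0
            sub(/^[^ ]+ +/, "", path)   # drop the flag field, keep the full path
            if (path ~ /\/\.\.?$/) next # skip the . and .. entries shown by -a
            if ($1 !~ /i/) print path
        }'
}

# Constructed sample listing (file names other than httpd.conf are made up).
sample_lsattr() {
    cat <<'EOF'
--------------e------- /chroot/httpd/etc/.
--------------e------- /chroot/httpd/etc/..
----i---------e------- /chroot/httpd/etc/httpd.conf
----i---------e------- /chroot/httpd/etc/mime.types
--------------e------- /chroot/httpd/etc/.htpasswd
----i---------e------- /chroot/httpd/etc/ssl

/chroot/httpd/etc/ssl:
--------------e------- /chroot/httpd/etc/ssl/.
--------------e------- /chroot/httpd/etc/ssl/..
--------------e------- /chroot/httpd/etc/ssl/server.key
EOF
}

# Return 0 if everything under $1 is immutable, 1 if not, 2 if lsattr failed.
# Usage on a real system, as root: audit_dir /chroot/httpd/etc
audit_dir() {
    listing=$(lsattr -aR "$1" 2>/dev/null) || { echo "lsattr failed on $1" >&2; return 2; }
    missing=$(printf '%s\n' "$listing" | mutable_paths)
    [ -z "$missing" ] && return 0
    printf 'not immutable:\n%s\n' "$missing" >&2
    return 1
}

# Demo on the constructed listing: prints the two paths the glob left unprotected.
sample_lsattr | mutable_paths
```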

The next panel contains steps for completing the configuration process.

