When you chroot a CGI script, there is absolutely no way it can access files outside the chroot 'jail' you limit it to. This has security benefits, but it also means that it cannot access any libraries or configuration files that are outside of this jail directory.
Here is an example directory structure required for chrooting. In this example, an ISP has all his web sites under /web. With the docroots being /web/docroot/www.foo.com and /web/docroot/www.bar.com. The ISP has decided to chroot all CGIs into a chroot jail of "/web".
The first thing the ISP needs to do is to copy across the essential libraries. On RHEL 4, the following directory structure contains enough of the core libraries to get a simple CGI script to run.
Note that if you use languages like Perl for CGIs, you'll need to copy across all the Perl binaries and libraries into the chrooted jail.
Content Manager [Administrator] 15 June 2006
Comments are closed for this post.