Can you chroot the Microsoft FrontPage extensions?

Before you attempt to do this you should first make yourself familiar with both MS FrontPage and chrooting simple CGI scripts.

Here are some basic steps you need to do:

In this example, we're assuming you're chrooting to /web, and that your document root is /web/docroot.

  • Move /usr/local/frontpage to /web/usr/local/frontpage.
  • Both the Zeus and Microsoft FrontPage installation programs contain the hard coded path /usr/local/frontpage, so make /usr/local/frontpage a symlink to /web/usr/local/frontpage.
  • In the CGI module, set the FrontPage jail /web and enable chrooting of CGIs.
  • Still in the CGI module, set 'Security Configurables' to 'Run CGI as file owner'.
  • Edit the the virtual server configuration file manually. It will live in $ZEUSHOME/webadmin/conf/sites/[virtual server].

    Change modules!frontpage!fphome /usr/local/frontpage

    to modules!frontpage!fphome /web/usr/local/frontpage.

  • Create the directory /web/lib and copy all the libraries that the FrontPage binaries require. This can be done by recursively copying /lib/* to /web/lib or by finding out which ones are required using strace or truss.
  • Restart the FrontPage virtual server to incorporate the changes you have made.
  • Verify that your configuration is correct by running $ZEUSHOME/webadmin/bin/fpinst.sh --check on your FrontPage virtual server.

FrontPage should then happily run chrooted. If you have problems, try using strace or truss to work out what is going on. Also check the web server error log and syslog.

It is possible to have multiple, separate chroot'ed directories for each FrontPage-enabled virtual server Further directories will need separate copies of the library files and the /usr/local/frontpage directory.

A possible alternative to replicating the files would be to hardlink to the files in the /web/lib and /web/usr/local/frontpage directories, though this is predicated by all the chroot'ed FrontPage virtual servers having their docroots on the same filesystem.

Content Manager [Administrator] 15 June 2006  Permalink 1 comment  

Comments:

This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.

Comment from: Stuart Shelton [Zeus Support] · http://blog.srcshelton.dyndns.info/
A better way to determine which libraries your chroot gaol needs within it is with the following commands:

find /web/usr/local/frontpage -type f -perm +111 -exec ldd {} 2>/dev/null \; | cut -d "^I" -f 2 | cut -d " " -f 1 | sort | uniq

... where the '^I' character is generated by hitting ctrl+v then ctrl+tab.

This will list all of the libraries required, one per line. Only these libraries need be copied into the gaol.
Permalink 15 June 2006 @ 18:03
Leave a comment ...
Your email address will not be displayed.
Your URL will be displayed.
This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.
Options:
 
(Line breaks become <br />)
(Set cookies for name, email & url)
Download Free Trial

Recent Articles

Other Resources



www.zeus.com

powered by
b2evolution
The ZWS Online Support service is provided as is, without warranty or specific endorsement by Zeus Technology. For technical support queries, please contact Zeus Technical Support. Articles and comments may not reflect the views of Zeus Technology.  •  Disclaimer and Privacy statement.