This is a discussion on CGIwrap's chroot - Apache ; I am working on CGIWrap these days. I install this because I want to limit the user in certain directories. But, I cann't work this out. All my virtual hosts are under the directory /home/clients eg. /home/clients/site1, /home/clients/site2 all these ...
I am working on CGIWrap these days. I install this
because I want to limit the user in certain directories.
But, I cann't work this out.
All my virtual hosts are under the directory /home/clients
eg. /home/clients/site1, /home/clients/site2
all these sites' html files are located in
and the cgi-bin directory is at
All these users are in the same group 'clients'.
I configure the cgiwrap with
./configure --with-cgi-dir=cgi-bin --with-install-dir=/usr/local/cgiwrap --with-httpd-user=nobody --with-install-group=wheel --with-chroot=../..
Then compile it.
I added the following settings in my httpd.conf in apache
ScriptAlias /cgi-bin/ /usr/local/cgiwrap/
ScriptAliasMatch ~(.*)/cgi-bin/(.*) /home/clients/$1/cgi-bin/$2
I use http://site123/cgi-bin/cgiwrap/123/env.cgi to test. Everything
seems to be well. However, I noticed that I can still go to
/ or /usr by using system() or readdir. Obveriously, the CHROOTing
is not working properly.
Then I tried
--with-chroot=/ the same problem.
--with-chroot=.. CGI cann't execute
--with-chroot=/home/clients CGI cann't execute
I tried sbox, with configuration
#define ROOT "../.."
#define CGI_BIN "../cgi-bin"
Everything goes well, and I can limit the users in a directory.
However, sbox does not seem to support a lot of Perl scripts.
Many scripts cann't execute after I installed the sbox.
Can anyon know how to work out the Chroot in CGIwrap?
Anyone who can help me will be very appreciated.