LinuxQuestions.org
07-04-2003, 11:02 AM   #1
dai
Apache Jail with SSL, PHP and MySQL


Right, I've installed Apache in /usr/local/Apache2 (making upgrades relatively easy).

I've created a jail in /var/webroot

Created /var/webroot/usr/local/

Installed and configured a copy of Apache 2 to run from here.

I still need to copy all required system files etc.

But I have two questions:

1. The jailed Apache should use exactly the same httpd.conf as the non-jailed, I assume. Is this correct? If so, it would mean copying /etc/ssl into the jail environment, wouldn't it?

2. As I have MySQL installed on the same machine (for testing purposes), will I only need to copy the mysql.sock to the jailed environment and amend the non-jailed MySQL my.cnf line: socket =/wherever/mysql.sock to socket =/var/webroot/mysql.sock?

Assuming mysql.sock is installed to /var/webroot/

Cheers

Last edited by dai; 07-04-2003 at 11:21 AM.
 
07-04-2003, 02:13 PM   #2
dai
I've managed to jail Apache and PHP, SSL and got all required libs in the jail.

However, whenever I try to start Apache I get an error stating:

httpd: bad user name webuser

I have placed the webuser in the password and shadow files.

And all dependencies are met.

Anybody got any idea what the problem is?

Last edited by dai; 07-04-2003 at 03:56 PM.
 
07-04-2003, 06:13 PM   #3
dai
Solved httpd: bad user name by copying the whole of /etc/ into the chroot.

Now I'm going through it one file at a time, removing what I don't need and seeing which files stop Apache working then. Once I resolve this I will post results for others.

One other issue, however: I've tried setting the my.cnf file in the normal /etc/ to find the mysql.sock in the /tmp/ directory of the chroot env. I've changed both the server and local system in my.cnf as follows.

==================================================
# The following options will be passed to all MySQL clients
[client]
#password =*******************
port = 3306
socket = /apachejail/tmp/mysql.sock

# Here follows entries for some specific programs

# The MySQL server
[mysqld]
user=mysql
port = 3306
socket = /apachejail/tmp/mysql.sock
skip-locking
set-variable = key_buffer=16M
set-variable = max_allowed_packet=1M
set-variable = table_cache=64
set-variable = sort_buffer=512K
set-variable = net_buffer_length=8K
set-variable = myisam_sort_buffer_size=8M
log-bin
server-id = 1
default-table-type = innodb
# Point the following paths to different dedicated disks
#tmpdir = /tmp/
#log-update = /path-to-dedicated-directory/hostname
==================================================

Now when I run the MySQL daemon (not in the chroot environment) it gives the following error:

ERROR 2002: Can't connect to local MySQL server through socket '/apachejail/tmp/mysql.sock' (2)


Anybody know how to solve this?

Last edited by dai; 07-04-2003 at 06:31 PM.
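
Added example, not part of the posts above: a shell check for the pieces glibc consults when a chrooted daemon resolves a user name, the lookup behind the "httpd: bad user name" error. It assumes a glibc system using the "files" NSS backend; jail_user_check and its arguments are hypothetical names, and the thread does not say which file from /etc fixed the problem.

```shell
#!/bin/sh
# Added example: report what is missing for resolving a user name in a chroot.
# Assumption: glibc with the "files" NSS backend. Returns the number of gaps.

jail_user_check() {
    jail=$1 user=$2 missing=0

    # 1. The account must be listed in the jail's own passwd file.
    entry=$(grep "^${user}:" "$jail/etc/passwd" 2>/dev/null | head -n 1)
    if [ -z "$entry" ]; then
        echo "MISSING passwd entry for $user"; missing=$((missing + 1))
    else
        # 2. Its primary group (4th passwd field) must exist in the jail's group file.
        gid=$(printf '%s\n' "$entry" | cut -d: -f4)
        if ! cut -d: -f3 "$jail/etc/group" 2>/dev/null | grep -qx "$gid"; then
            echo "MISSING group with gid $gid"; missing=$((missing + 1))
        fi
    fi

    # 3. nsswitch.conf should name the "files" backend for passwd lookups.
    if ! grep -Eq '^passwd:.*files' "$jail/etc/nsswitch.conf" 2>/dev/null; then
        echo "MISSING passwd: files line in etc/nsswitch.conf"
        missing=$((missing + 1))
    fi

    # 4. glibc before 2.34 loads libnss_files at run time, so running ldd on
    #    httpd does not list it and it is easy to leave out of the jail.
    if ! find "$jail" -name 'libnss_files.so*' 2>/dev/null | grep -q .; then
        echo "MISSING libnss_files.so"; missing=$((missing + 1))
    fi

    return "$missing"
}

# Usage (paths are examples): jail_user_check /apachejail webuser
```

A non-zero return value is the number of items reported as missing.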
 
07-05-2003, 06:35 AM   #4
dai
Right, I've managed to resolve all conflicts (seemingly).

So I've got Apache, SSL and PHP jailed.

And I've managed to get the mysql.sock to use /apachejail/tmp as its tmp directory so the jail environment can see it.

Tested SSL>>>>>Works
Tested Simple php Scripts>>>>>>>Works

Need to test whether PHP can connect to the database from the chroot environment.

Could I use ifconfig alias to put another IP address on the interface so that, for example, 192.168.1.1 is used by Apache and 192.168.1.2 is used by mysql, would this be more secure?

Also, the only user registered in the jail (in /etc/passwd and etc/shadow) is apacheusr, which is a member of apachegrp and has no access to anything, it only owns the Apache child processes. Does this mean that they shouldn't be able to break out of the jail?

The only thing I've copied into the jail en masse is /lib. I've removed everything from /etc, there is no /bin or /sbin. Does /lib normally contain anything that could be used to break out of the jail?

Last edited by dai; 07-05-2003 at 06:39 AM.
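
Added example, not part of the posts above: a shell audit of a jail tree such as the /apachejail directory described in this thread, listing the kinds of files worth reviewing after copying a directory like /lib in wholesale. The function name jail_audit and its arguments are hypothetical; the checks are general chroot hygiene, not findings about this poster's system.

```shell
#!/bin/sh
# Added example: list items inside a chroot tree that weaken the jail.
# Arguments: jail root and the one account expected in the jail's passwd.

jail_audit() {
    jail=$1 expect=$2

    # setuid/setgid files: a route to elevated privileges for a jailed process.
    find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        sed 's/^/SETID /'

    # Device nodes give direct access to disks or memory from inside the jail.
    find "$jail" -xdev \( -type b -o -type c \) 2>/dev/null |
        sed 's/^/DEVICE /'

    # World-writable directories without the sticky bit
    # (a shared tmp directory should be mode 1777).
    find "$jail" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null |
        sed 's/^/WRITABLE /'

    # Accounts in the jail's passwd: flag uid 0 and anything unexpected.
    if [ -r "$jail/etc/passwd" ]; then
        awk -F: -v u="$expect" '
            $3 == 0 { print "ROOT_ACCOUNT", $1; next }
            $1 != u { print "EXTRA_ACCOUNT", $1 }
        ' "$jail/etc/passwd"
    fi
    return 0
}

# Usage (names are examples): jail_audit /apachejail apacheusr
```

Each output line is a tag followed by the path or account name; no output means none of these checks matched.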
 