Trying to move my httpd chroot


Trying to move my httpd chroot

alan01346
I don't have enough room in / to have my htdocs there so I want to
move it to /usr/htdocs. This is in 5.7.   No problem I thought, I've
had to do it before.  So my /etc/httpd.conf looks like this:

chroot "/usr/htdocs"

server "d530.my.domain" {
  listen on * port 80
}

And I get logging into /usr/htdocs/logs but httpd doesn't seem to
find files in /usr/htdocs.  I get a 404 error that says OpenBSD httpd
in it but it can't find even index.html which does exist.  I've played
with htdocs vs htdocs/.  If I comment out the chroot line it finds
files in /var/www/htdocs.  My /usr is in a different MBR partition
(actually an extended one) with 129 gigs free.

Anybody tried to move their htdocs?  I didn't find anything by
searching.  I wouldn't want to write something and put it out there
for everybody to beat on.  I did read the PDF and man pages.

Also I found that if I set httpd_flags to "-d -v" in
/etc/rc.conf.local then booting  the machine seems to hang there.
Permissions on the file look like:
-rwxr--r--  1 www  daemon  4022 Jan 19  2015 index.html

--
Credit is the root of all evil.  - AB1JX


Re: Trying to move my httpd chroot

Rick Hanson
On Wed, Mar 16, 2016 at 8:58 PM, Alan Corey <[hidden email]> wrote:
> I don't have enough room in / to have my htdocs there so I want to
> move it to /usr/htdocs. This is in 5.7.   No problem I thought, I've
> had to do it before.  So my /etc/httpd.conf looks like this:
>
> chroot "/usr/htdocs"

It's probably supposed to be

chroot "/usr"

Check out `man httpd.conf`.  Look at the descriptions for the `chroot`
and `root` settings.  It appears that both of these settings combine
to get you what you're looking for in this case.

> server "d530.my.domain" {
>   listen on * port 80
> }
>
> And I get logging into /usr/htdocs/logs but httpd doesn't seem to
> find files in /usr/htdocs.  I get a 404 error that says OpenBSD httpd
> in it but it can't find even index.html which does exist.  I've played
> with htdocs vs htdocs/.  If I comment out the chroot line it finds
> files in /var/www/htdocs.  My /usr is in a different MBR partition
> (actually an extended one) with 129 gigs free.
>
> Anybody tried to move their htdocs?  I didn't find anything by
> searching.  I wouldn't want to write something and put it out there
> for everybody to beat on.  I did read the PDF and man pages.
>
> Also I found that if I set httpd_flags to "-d -v" in
> /etc/rc.conf.local then booting  the machine seems to hang there.
> Permissions on the file look like:
> -rwxr--r--  1 www  daemon  4022 Jan 19  2015 index.html
>
> --
> Credit is the root of all evil.  - AB1JX


Re: Trying to move my httpd chroot

Nick Holland
In reply to this post by alan01346
On 03/16/16 20:58, Alan Corey wrote:
> I don't have enough room in / to have my htdocs there so I want to
> move it to /usr/htdocs. This is in 5.7.   No problem I thought, I've
> had to do it before.  So my /etc/httpd.conf looks like this:
>
> chroot "/usr/htdocs"

hint: the default is /var/www.  NOT /var/www/htdocs.

>
> server "d530.my.domain" {
>   listen on * port 80
> }
>
> And I get logging into /usr/htdocs/logs but httpd doesn't seem to
> find files in /usr/htdocs.  I get a 404 error that says OpenBSD httpd
> in it but it can't find even index.html which does exist.

actually, it doesn't.  man httpd.conf
     chroot directory
             Set the chroot(2) directory.  If not specified, it
             defaults to /var/www, the home directory of the www user.
...
     directory
             Set the document root of the server.  The directory is a
             pathname within the chroot(2) root directory of httpd.
             If not specified, it defaults to /htdocs.

You are trying to serve /usr/htdocs/htdocs/index.html, and that is a
good 404.

I verified that I could chroot to my /tmp dir and serve a file out of
/tmp/htdocs/ with no problem.

> I've played
> with htdocs vs htdocs/.  If I comment out the chroot line it finds
> files in /var/www/htdocs.  My /usr is in a different MBR partition
> (actually an extended one) with 129 gigs free.

and this is also wrong.
Your webserver should NOT be in /.
Your /usr should not have 129G free.
Your web server should not be in /usr.
You really need to be reloading that system with a less insane
partitioning plan.  Then you don't have to worry about moving the
chroot.  It can be done.  But don't.  Just don't.  Not for this reason.
 You need to upgrade soon anyway.  Good time to rebuild properly.

Nick.
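
Added example (not part of any post in this thread): the path arithmetic Nick describes, as a small sh script that joins the chroot and root directives of an httpd.conf, using the defaults quoted from the man page above, and checks whether a file exists there. The function names effective_docroot and check_index are made up for this example, and it assumes a single server block with the root "/dir" form.

```sh
#!/bin/sh
# Added example: resolve the path httpd actually serves from.
# Defaults are the ones quoted from httpd.conf(5) in the thread:
# chroot -> /var/www, root -> /htdocs (a path inside the chroot).

# effective_docroot CONF
# Prints "<chroot><root>" for the first chroot/root directives in CONF.
# Simplification (assumption): one server block, `root "/dir"` form only.
effective_docroot() {
    awk '
        { gsub(/"/, "") }                            # drop quotes around paths
        $1 == "chroot" && !c { c = $2 }              # global chroot directive
        $1 == "root" && $2 ~ /^\// && !r { r = $2 }  # server document root
        END {
            if (c == "") c = "/var/www"
            if (r == "") r = "/htdocs"
            sub(/\/+$/, "", c)                       # avoid "//" when joining
            print c r
        }
    ' "$1"
}

# check_index CONF [FILE]
# Returns 0 if FILE (default index.html) exists under the effective
# document root, 1 otherwise. Run it outside the chroot, as root.
check_index() {
    docroot=$(effective_docroot "$1")
    file=${2:-index.html}
    if [ -f "$docroot/$file" ]; then
        echo "ok: $docroot/$file"
    else
        echo "missing: $docroot/$file (httpd answers 404)"
        return 1
    fi
}

# Constructed sample: the configuration from the first post.
conf=$(mktemp)
printf '%s\n' 'chroot "/usr/htdocs"' '' 'server "d530.my.domain" {' \
    '  listen on * port 80' '}' > "$conf"
effective_docroot "$conf"    # /usr/htdocs/htdocs
rm -f "$conf"
```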


Re: Trying to move my httpd chroot

alan01346
In reply to this post by Rick Hanson
Bingo.  /usr does it.  One clue I guess was that it was logging into
/usr/logs.  With Apache at least the chroot dir wasn't the same as the
document root.  And you don't want the logs dir readable through the
httpd.  So essentially there's htdocs and logs inside of what you
specify as a chroot dir.

On 3/16/16, Rick Hanson <[hidden email]> wrote:

> On Wed, Mar 16, 2016 at 8:58 PM, Alan Corey <[hidden email]> wrote:
>> I don't have enough room in / to have my htdocs there so I want to
>> move it to /usr/htdocs. This is in 5.7.   No problem I thought, I've
>> had to do it before.  So my /etc/httpd.conf looks like this:
>>
>> chroot "/usr/htdocs"
>
> It's probably supposed to be
>
> chroot "/usr"
>
> Check out `man httpd.conf`.  Look at the descriptions for the `chroot`
> and `root` settings.  It appears that both of these settings combine
> to get you what you're looking for in this case.
>
>> server "d530.my.domain" {
>>   listen on * port 80
>> }
>>
>> And I get logging into /usr/htdocs/logs but httpd doesn't seem to
>> find files in /usr/htdocs.  I get a 404 error that says OpenBSD httpd
>> in it but it can't find even index.html which does exist.  I've played
>> with htdocs vs htdocs/.  If I comment out the chroot line it finds
>> files in /var/www/htdocs.  My /usr is in a different MBR partition
>> (actually an extended one) with 129 gigs free.
>>
>> Anybody tried to move their htdocs?  I didn't find anything by
>> searching.  I wouldn't want to write something and put it out there
>> for everybody to beat on.  I did read the PDF and man pages.
>>
>> Also I found that if I set httpd_flags to "-d -v" in
>> /etc/rc.conf.local then booting  the machine seems to hang there.
>> Permissions on the file look like:
>> -rwxr--r--  1 www  daemon  4022 Jan 19  2015 index.html
>>
>> --
>> Credit is the root of all evil.  - AB1JX
>


--
Credit is the root of all evil.  - AB1JX


Re: Trying to move my httpd chroot

Jan Stary
In reply to this post by alan01346
On Mar 16 20:58:59, [hidden email] wrote:
> I don't have enough room in / to have my htdocs there so I want to
> move it to /usr/htdocs. This is in 5.7.   No problem I thought, I've
> had to do it before.  So my /etc/httpd.conf looks like this:
>
> chroot "/usr/htdocs"

Why didn't you use the standard /var/www?

> And I get logging into /usr/htdocs/logs but httpd doesn't seem to
> find files in /usr/htdocs.

What is your "root" directive for the server?
Remember, it's relative to the chroot.

> I get a 404 error that says OpenBSD httpd
> in it but it can't find even index.html which does exist.  I've played
> with htdocs vs htdocs/.  If I comment out the chroot line it finds
> files in /var/www/htdocs.  My /usr is in a different MBR partition
> (actually an extended one) with 129 gigs free.

You might be better off having /usr hold your /usr,
and have a big separate /var/www for your web content.
Then you can leave httpd chroot the default.

> Anybody tried to move their htdocs?  I didn't find anything by
> searching.  I wouldn't want to write something and put it out there
> for everybody to beat on.  I did read the PDF and man pages.
>
> Also I found that if I set httpd_flags to "-d -v" in
> /etc/rc.conf.local then booting  the machine seems to hang there.

Without -d, the httpd daemonizes into the background,
and the boot goes on. With -d, it stays running in the
foreground; only after you kill it, the boot will go on.

        Jan


Re: Trying to move my httpd chroot

Jan Stary
In reply to this post by alan01346
On Mar 16 22:04:19, [hidden email] wrote:
> Bingo.  /usr does it.  One clue I guess was that it was logging into
> /usr/logs.  With Apache at least the chroot dir wasn't the same as the
> document root.

With default httpd, it also isn't.

> And you don't want the logs dir readable through the
> httpd.  So essentially there's htdocs and logs inside of what you
> specify as a chroot dir.

Yes.


Re: Trying to move my httpd chroot

Kevin Chadwick-4
In reply to this post by Nick Holland
> Your webserver should NOT be in /.
> Your /usr should not have 129G free.
> Your web server should not be in /usr.

In case you're thinking does it matter beyond doing things correctly! What
sprang to my mind immediately is that those partitions won't have
things like nosuid,noexec settable without breaking things. Not to
mention a rogue web server may do extra damage like filling the
filesystem up may prevent upgrades etc. etc..

Partitioning on OpenBSD is a lot saner than on 'modern' Linux where too
much stuff now goes in /usr (now /!!), systemd cross links are one
insanity.

--

KISSIS - Keep It Simple So It's Securable


Re: Trying to move my httpd chroot

Craig Skinner-3
In reply to this post by alan01346
Hi Alan,

On 2016-03-16 Wed 20:58 PM |, Alan Corey wrote:
> I don't have enough room in / to have my htdocs there so I want to
> move it to /usr/htdocs. This is in 5.7.

Re-install (5.8) with a better partitioning layout:

$ mount -d /var/www
exec: mount_ffs -o rw -o nodev -o nosuid -o noexec -o softdep -o noatime /dev/[something] /var/www

Cheers!
--
You're at the end of the road again.
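
Added example (not part of any post in this thread): a check for the mount-option point Kevin and Craig make, as an sh function that finds the fstab entry covering a chroot directory and reports which of nodev, nosuid and noexec it lacks. The function name missing_mount_opts and the sample fstab, including its device names, are constructed for this example.

```sh
#!/bin/sh
# missing_mount_opts FSTAB DIR
# Finds the fstab entry whose mount point is the longest path prefix of DIR
# and prints "<mountpoint>: <missing options>" ("none" if all are set).
# Returns 1 when no entry covers DIR.
missing_mount_opts() {
    awk -v dir="$2" '
        /^[ \t]*#/ || NF < 4 { next }            # comments, short lines
        {
            mp = $2
            pre = (mp == "/") ? "/" : mp "/"
            # prefix match on whole path components only
            if (index(dir "/", pre) == 1 && length(mp) > length(best)) {
                best = mp
                opts = "," $4 ","
            }
        }
        END {
            if (best == "") exit 1
            n = split("nodev nosuid noexec", want, " ")
            for (i = 1; i <= n; i++)
                if (index(opts, "," want[i] ",") == 0)
                    miss = miss " " want[i]
            print best ":" (miss == "" ? " none" : miss)
        }
    ' "$1"
}

# Constructed sample fstab (device names are placeholders).
fstab=$(mktemp)
cat > "$fstab" <<'EOF'
/dev/sd0a / ffs rw 1 1
/dev/sd0d /usr ffs rw,nodev 1 2
/dev/sd0f /var/www ffs rw,nodev,nosuid,noexec,softdep,noatime 1 2
EOF
missing_mount_opts "$fstab" /usr/htdocs    # /usr: nosuid noexec
missing_mount_opts "$fstab" /var/www       # /var/www: none
rm -f "$fstab"
```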