Posts tagged ‘chroot’

Apache httpd + suEXEC + chroot + FastCGI + PHP

Piqued your interest ? Excellent. For the moment, I’ll assume that you read the title of this post and immediately asked yourself (or rather, me) : “What are you talking about ? Why would anybody do that ? How exactly one get the above to work ? Be specific !”.

Well, I will answer each in turn. Even if you did not ask those questions. Even if you really wanted to read about the carrot-needs of bunnies, instead. No way out, honest !

What ?

Apache httpd
is the most popular web-server-application today. The page you are reading has been served by it; chances are, so have most others you have been reading recently. It is available for most operating systems, free, and well documented. People often refer to it simply as “Apache” since it’s arguably the most prominent Apache Software Foundation project. Indeed, I will be referring to it like that in this post.
is Apache’s solution to privilege separation with regard to CGI- and similarly run programs external to Apache. A popular example of a CGI-script would be a counter.
In *ix (and POSIX)-parlance, chroot is a systemcall which will change the current process’ root directory to a different one; for instance, this can be used to constrain a program’s access to a specific part of the filesystem.
is an evolution of the CGI. In the regular CGI-model, processes die after a request is handled; in FastCGI, persistent processes are possible; Since startup- and teardown-costs of programs may be substantial, this can provide a sizable boost in performance and allows for things like object-caching and the like.
is a popular scripting/programming-language used for web-pages (and other things). It is also a popular example of a program that may be run as a CGI process.

Continue reading ‘Apache httpd + suEXEC + chroot + FastCGI + PHP’ »