Hiawatha in chroot

Marco
11 October 2011, 16:11
Hi Hugo

I have used the default configuration files with only one change in the hiawatha.conf file:
ServerRoot = /hiawchroot
After that I made the directory hierarchy and executables with 'newroot /usr/local/bin/hiawatha', and made the directories /hiawchroot/var/{lib,www,log} with perms 755.
Then I tried to execute hiawatha in the chroot directory /hiawchroot (with perms: drwxrwxrwx. 5 root root 100 10 ott 20.02 hiawchroot and SELinux disabled). I received these warnings:



[root@testpc hiawchroot]# /usr/local/sbin/hiawatha -d
Warning: couldn't create logfile /hiawchroot/var/log/hiawatha/system.log
Warning: couldn't create logfile /hiawchroot/var/log/hiawatha/exploit.log
Warning: couldn't create logfile /hiawchroot/var/log/hiawatha/access.log
Warning: couldn't create logfile /hiawchroot/var/log/hiawatha/error.log
Press Ctrl-C to shutdown the Hiawatha webserver.

Hiawatha was compiled with configure options: ./configure --sysconfdir=/etc --mandir=/usr/share/man --localstatedir=/var --enable-chroot

Is there something that I did wrong?

Thanks


Hiawatha version: 7.7
Operating System: Linux Fedora 15
Hugo Leisink
11 October 2011, 16:24
Does the directory /hiawchroot/var/log/hiawatha/ exist?
Marco
11 October 2011, 16:48
Yes.

I created it with the command: mkdir /hiawchroot/var/{lib,www,log}
Hugo Leisink
11 October 2011, 16:53
That command doesn't create the last subdirectory with the name 'hiawatha'. Take a closer look at the error message to see what directory is needed to store the logfiles.
Marco
11 October 2011, 17:06
Sorry, but I forgot to write in the topic that the directory was created.
I have the directory /hiawchroot/var/log/hiawatha but the problem remains.
Hugo Leisink
11 October 2011, 19:04
Try changing the code block in hiawatha.c at line 2032 from
#ifdef HAVE_CHROOT
touch_logfiles(config, config->server_root);
#else
touch_logfiles(config, "");
#endif

to
touch_logfiles(config, "");
Marco
11 October 2011, 20:00
Thank you.

I have tested it with a basic configuration and it works fine.
Marco
13 October 2011, 12:35
But now... it tells me Forbidden for all CGI files.
I have inserted cgi-wrapper in the sbin directory with suid permission.
I have also tried with printenv.cgi but got the same result.
Is a line like this example in cgi-wrapper.conf right?
Wrap = chroot : /mnt/tests/hiawchroot | /var/www/user ; 1090:1090
Hugo Leisink
13 October 2011, 13:23
What does the error logfile or system logfile say?
Marco
14 October 2011, 16:47
127.0.0.1|Fri 14 Oct 2011 16:48:54 +0200|403|548||GET /printenv.cgi HTTP/1.0|Host: 127.0.0.2|Accept: text/html, text/plain, text/css, text/sgml, */*;q=0.01|Accept-Encoding: gzip, bzip2|Accept-Language: en|Pragma: no-cache|Cache-Control: no-cache|User-Agent: Lynx/2.8.7rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/1.0.0e-fips|Referer: https://127.0.0.2:8443/printenv.cgi
Marco
14 October 2011, 18:02
It is not a problem of path or permissions because it works fine when run by any user via bash.
Hugo Leisink
16 October 2011, 15:51
Is ExecuteCGI set to 'yes'?
Marco
17 October 2011, 16:18
Yes, and the same configuration works fine without chroot.
This topic has been closed.