emsApplication/3rdPartner/boa-0.94.13/contrib/README.chroot.solaris

Boa chroot mini-HOWTO 
===================================================
by Liam Widdowson <lbw@telstra.com>
modified slightly by Jon Nelson <jnelson@boa.org>

The following is required to get Boa working in a chroot jail. Whilst this
README is about Solaris specifically, the principals here will apply to
other operating systems.

The following assumptions are made:

	- Boa has been compiled and installed in /opt/boa
	- The chroot jail will be created in /var/www
	- A user and group 'www' have been created.

Make sure you change the above directories to suit your system.

Your boa.conf should look something like the following:

## begin config file

Port 80
User www
Group www

# Note, these paths are used releative to the chroot jail. i.e /var/log is
# really /var/www/var/log
ErrorLog /var/log/error_log
AccessLog /var/log/access_log
DocumentRoot /var/www

# You won't be able to access user home directories outside of the chroot
# but you may replicate them into the chroot jail. You'll need a working
# and valid /etc/passwd as well
UserDir public_html

DirectoryIndex index.html

# this binary must exist in the chroot jail. Again, the path is relative.
DirectoryMaker /usr/bin/boa_indexer

KeepAliveMax 1000
KeepAliveTimeout 10

# this file must exist inside AND outside the chroot jail. 
MimeTypes /opt/boa/mime.types

DefaultType text/plain

## end config file

Once the configuration file is created, you must begin creating your
chroot jail. A variety of libraries, timezone files, device files and other 
bits and pieces must be copied in order for this to work. Below is a ls -lR 
of what your jail should be at a minimum:

.:
total 10
drwxr-xr-x   2 root     other        512 Jan 21 18:58 dev
drwxr-xr-x   2 root     other        512 Jan 21 19:20 etc
drwxr-xr-x   3 root     other        512 Jan 21 19:20 opt
drwxr-xr-x   5 root     other        512 Jan 21 19:08 usr
drwxr-xr-x   4 root     other        512 Jan 21 18:57 var

./dev:
total 0
crw-rw-rw-   1 root     other     13,  2 Jan 21 18:58 null
crw-rw-rw-   1 root     other     41,  0 Jan 21 18:58 udp

./etc:
total 16
-r-xr-xr-x   1 root     other        482 Jan 21 19:20 TIMEZONE
-r--r--r--   1 root     other         74 Jan 21 19:20 hosts
-rw-r--r--   1 root     other       1239 Jan 21 19:20 netconfig
-rw-r--r--   1 root     other       1298 Jan 21 19:20 nsswitch.conf
-r--r--r--   1 root     other        514 Jan 21 19:44 passwd
-rw-r--r--   1 root     other         94 Jan 21 19:20 resolv.conf
drwx------   2 root     other        512 Jan 21 19:20 boa

./boa:
total 4
-rw-r--r--   1 root     other       1234 Jan 21 19:26 boa.conf

./opt:
total 2
drwxr-xr-x   2 root     other        512 Jan 21 19:26 boa

./opt/boa:
total 20
-rw-r--r--   1 root     other       9964 Jan 21 19:26 mime.types

./usr:
total 6
drwxr-xr-x   2 root     other        512 Jan 21 19:21 bin
drwxr-xr-x   2 root     other        512 Jan 21 19:03 lib
drwxr-xr-x   3 root     other        512 Jan 21 19:08 share

./usr/bin:
total 18
-rwxr-xr-x   1 root     other       8944 Jan 21 19:23 boa_indexer

./usr/lib:
total 5094
-rwxr-xr-x   1 root     other     185020 Jan 21 19:03 ld.so.1
-rwxr-xr-x   1 root     other    1126652 Jan 21 18:56 libc.so.1
-rwxr-xr-x   1 root     other       4308 Jan 21 18:56 libdl.so.1
-rwxr-xr-x   1 root     other      24968 Jan 21 18:56 libmp.so.2
-rwxr-xr-x   1 root     other     883500 Jan 21 18:56 libnsl.so.1
-rwxr-xr-x   1 root     other     265860 Jan 21 18:56 libresolv.so.2
-rwxr-xr-x   1 root     other      70260 Jan 21 18:56 libsocket.so.1

./usr/share:
total 2
drwxr-xr-x   3 root     other        512 Jan 21 19:08 lib

./usr/share/lib:
total 2
drwxr-xr-x   3 root     other        512 Jan 21 19:08 zoneinfo

./usr/share/lib/zoneinfo:
total 2
drwxr-xr-x   2 root     other        512 Jan 21 19:09 Australia

./usr/share/lib/zoneinfo/Australia:
total 22
-rw-r--r--   1 root     other        785 Jan 21 19:09 ACT
-rw-r--r--   1 root     other        785 Jan 21 19:09 Broken_Hill
-rw-r--r--   1 root     other        663 Jan 21 19:09 LHI
-rw-r--r--   1 root     other        785 Jan 21 19:09 NSW
-rw-r--r--   1 root     other        104 Jan 21 19:09 North
-rw-r--r--   1 root     other        160 Jan 21 19:09 Queensland
-rw-r--r--   1 root     other        785 Jan 21 19:09 South
-rw-r--r--   1 root     other        825 Jan 21 19:09 Tasmania
-rw-r--r--   1 root     other        785 Jan 21 19:09 Victoria
-rw-r--r--   1 root     other        150 Jan 21 19:09 West
-rw-r--r--   1 root     other        785 Jan 21 19:09 Yancowinna

./var:
total 4
drwxr-xr-x   2 www      www          512 Jan 21 19:44 log
drwxr-xr-x   2 root     other        512 Jan 21 18:57 www

./var/log:
total 4
-rw-r--r--   1 root     other        202 Jan 21 19:47 access_log
-rw-r--r--   1 root     other        590 Jan 21 19:49 error_log

./var/www:
total 0

Note, your boa binary should be kept outside of the chroot jail as 
they are not required. 

The commandline issued to boa requires "-r /var/www" which tells
boa to chroot to /var/www before it does anything else, including
reading its configuration file.

That's all that's required. Start your new chrooting boa up and enjoy!
init 2024-05-24 12:19:45 +08:00			`Boa chroot mini-HOWTO`
			`===================================================`
			`by Liam Widdowson <lbw@telstra.com>`
			`modified slightly by Jon Nelson <jnelson@boa.org>`

			`The following is required to get Boa working in a chroot jail. Whilst this`
			`README is about Solaris specifically, the principals here will apply to`
			`other operating systems.`

			`The following assumptions are made:`

			`- Boa has been compiled and installed in /opt/boa`
			`- The chroot jail will be created in /var/www`
			`- A user and group 'www' have been created.`

			`Make sure you change the above directories to suit your system.`

			`Your boa.conf should look something like the following:`

			`## begin config file`

			`Port 80`
			`User www`
			`Group www`

			`# Note, these paths are used releative to the chroot jail. i.e /var/log is`
			`# really /var/www/var/log`
			`ErrorLog /var/log/error_log`
			`AccessLog /var/log/access_log`
			`DocumentRoot /var/www`

			`# You won't be able to access user home directories outside of the chroot`
			`# but you may replicate them into the chroot jail. You'll need a working`
			`# and valid /etc/passwd as well`
			`UserDir public_html`

			`DirectoryIndex index.html`

			`# this binary must exist in the chroot jail. Again, the path is relative.`
			`DirectoryMaker /usr/bin/boa_indexer`

			`KeepAliveMax 1000`
			`KeepAliveTimeout 10`

			`# this file must exist inside AND outside the chroot jail.`
			`MimeTypes /opt/boa/mime.types`

			`DefaultType text/plain`

			`## end config file`

			`Once the configuration file is created, you must begin creating your`
			`chroot jail. A variety of libraries, timezone files, device files and other`
			`bits and pieces must be copied in order for this to work. Below is a ls -lR`
			`of what your jail should be at a minimum:`

			`.:`
			`total 10`
			`drwxr-xr-x 2 root other 512 Jan 21 18:58 dev`
			`drwxr-xr-x 2 root other 512 Jan 21 19:20 etc`
			`drwxr-xr-x 3 root other 512 Jan 21 19:20 opt`
			`drwxr-xr-x 5 root other 512 Jan 21 19:08 usr`
			`drwxr-xr-x 4 root other 512 Jan 21 18:57 var`

			`./dev:`
			`total 0`
			`crw-rw-rw- 1 root other 13, 2 Jan 21 18:58 null`
			`crw-rw-rw- 1 root other 41, 0 Jan 21 18:58 udp`

			`./etc:`
			`total 16`
			`-r-xr-xr-x 1 root other 482 Jan 21 19:20 TIMEZONE`
			`-r--r--r-- 1 root other 74 Jan 21 19:20 hosts`
			`-rw-r--r-- 1 root other 1239 Jan 21 19:20 netconfig`
			`-rw-r--r-- 1 root other 1298 Jan 21 19:20 nsswitch.conf`
			`-r--r--r-- 1 root other 514 Jan 21 19:44 passwd`
			`-rw-r--r-- 1 root other 94 Jan 21 19:20 resolv.conf`
			`drwx------ 2 root other 512 Jan 21 19:20 boa`

			`./boa:`
			`total 4`
			`-rw-r--r-- 1 root other 1234 Jan 21 19:26 boa.conf`

			`./opt:`
			`total 2`
			`drwxr-xr-x 2 root other 512 Jan 21 19:26 boa`

			`./opt/boa:`
			`total 20`
			`-rw-r--r-- 1 root other 9964 Jan 21 19:26 mime.types`

			`./usr:`
			`total 6`
			`drwxr-xr-x 2 root other 512 Jan 21 19:21 bin`
			`drwxr-xr-x 2 root other 512 Jan 21 19:03 lib`
			`drwxr-xr-x 3 root other 512 Jan 21 19:08 share`

			`./usr/bin:`
			`total 18`
			`-rwxr-xr-x 1 root other 8944 Jan 21 19:23 boa_indexer`

			`./usr/lib:`
			`total 5094`
			`-rwxr-xr-x 1 root other 185020 Jan 21 19:03 ld.so.1`
			`-rwxr-xr-x 1 root other 1126652 Jan 21 18:56 libc.so.1`
			`-rwxr-xr-x 1 root other 4308 Jan 21 18:56 libdl.so.1`
			`-rwxr-xr-x 1 root other 24968 Jan 21 18:56 libmp.so.2`
			`-rwxr-xr-x 1 root other 883500 Jan 21 18:56 libnsl.so.1`
			`-rwxr-xr-x 1 root other 265860 Jan 21 18:56 libresolv.so.2`
			`-rwxr-xr-x 1 root other 70260 Jan 21 18:56 libsocket.so.1`

			`./usr/share:`
			`total 2`
			`drwxr-xr-x 3 root other 512 Jan 21 19:08 lib`

			`./usr/share/lib:`
			`total 2`
			`drwxr-xr-x 3 root other 512 Jan 21 19:08 zoneinfo`

			`./usr/share/lib/zoneinfo:`
			`total 2`
			`drwxr-xr-x 2 root other 512 Jan 21 19:09 Australia`

			`./usr/share/lib/zoneinfo/Australia:`
			`total 22`
			`-rw-r--r-- 1 root other 785 Jan 21 19:09 ACT`
			`-rw-r--r-- 1 root other 785 Jan 21 19:09 Broken_Hill`
			`-rw-r--r-- 1 root other 663 Jan 21 19:09 LHI`
			`-rw-r--r-- 1 root other 785 Jan 21 19:09 NSW`
			`-rw-r--r-- 1 root other 104 Jan 21 19:09 North`
			`-rw-r--r-- 1 root other 160 Jan 21 19:09 Queensland`
			`-rw-r--r-- 1 root other 785 Jan 21 19:09 South`
			`-rw-r--r-- 1 root other 825 Jan 21 19:09 Tasmania`
			`-rw-r--r-- 1 root other 785 Jan 21 19:09 Victoria`
			`-rw-r--r-- 1 root other 150 Jan 21 19:09 West`
			`-rw-r--r-- 1 root other 785 Jan 21 19:09 Yancowinna`

			`./var:`
			`total 4`
			`drwxr-xr-x 2 www www 512 Jan 21 19:44 log`
			`drwxr-xr-x 2 root other 512 Jan 21 18:57 www`

			`./var/log:`
			`total 4`
			`-rw-r--r-- 1 root other 202 Jan 21 19:47 access_log`
			`-rw-r--r-- 1 root other 590 Jan 21 19:49 error_log`

			`./var/www:`
			`total 0`

			`Note, your boa binary should be kept outside of the chroot jail as`
			`they are not required.`

			`The commandline issued to boa requires "-r /var/www" which tells`
			`boa to chroot to /var/www before it does anything else, including`
			`reading its configuration file.`

			`That's all that's required. Start your new chrooting boa up and enjoy!`