Date: Wed, 27 Dec 2006 16:10:05 +0530 From: Girish Venkatachalam <girishvenkatachalam@gmail.com> To: FreeBSD-Questions <freebsd-questions@freebsd.org> Subject: Re: chroot, performance & security Message-ID: <20061227104005.GA24009@lakshmi.susmita.org> In-Reply-To: <2cd0a0da0612270116s528eaad5v73ed7d1447feda63@mail.gmail.com> References: <2cd0a0da0612270116s528eaad5v73ed7d1447feda63@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 27, 2006 at 10:16:31AM +0100, VeeJay wrote:
> Hi
>
> I have made partations on my web server like at very outer edges of the
> disks,
>
> I have /, then /var, /tmp, /usr and in the end /home.
>
> Since I read that Data modified & used often should be placed at close to
> outer edges as possible.
>
> So, I am having all logs (apache, ftp, mysql and other logs) under /var/logs
> I have all my mysql DBs under /var/mysql/db
>
> But if for Security reseasons, I want to chroot apache, mysql and ftp under
> /home, then along with all executables and liberaries I have to move all
> logs, DBs under /home/chroot
>
> But then I think, If I move all these data from /var... I miss performance?
You need not have created so many partitions because it is going to hurt you now when you have to chroot. :)
Apache running under chroot means lot of things. OpenBSD has done it by default and it means that all the files that users host have to be under the chroot. All the DSOs have to be accessible as well.
chrooting ftp or sftp is not much trouble. I think a simple google search will tell you how to run sftp under chroot. I would suggest that along with chrooting ftp.
mysql should not give u much trouble but then I never use it.
I am a postgresql guy...
Best of luck!
regards,
Girish
-
When your mind is purified like a mirror knowledge is reflected in it.
Adi Sankaracharya, Hindu saint
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061227104005.GA24009>