From: Girish Venkatachalam
Reply-To: girishvenkatachalam@gmail.com
To: FreeBSD-Questions
Date: Wed, 27 Dec 2006 16:10:05 +0530
Subject: Re: chroot, performance & security
Message-ID: <20061227104005.GA24009@lakshmi.susmita.org>
In-Reply-To: <2cd0a0da0612270116s528eaad5v73ed7d1447feda63@mail.gmail.com>

On Wed, Dec 27, 2006 at 10:16:31AM +0100, VeeJay wrote:
> Hi
>
> I have made partitions on my web server like at very outer edges of the
> disks,
>
> I have /, then /var, /tmp, /usr and in the end /home.
>
> Since I read that Data modified & used often should be placed at close to
> outer edges as possible.
>
> So, I am having all logs (apache, ftp, mysql and other logs) under /var/logs
> I have all my mysql DBs under /var/mysql/db
>
> But if for Security reasons, I want to chroot apache, mysql and ftp under
> /home, then along with all executables and libraries I have to move all
> logs, DBs under /home/chroot
>
> But then I think, If I move all these data from /var... I miss performance?

You need not have created so many partitions because it is going to hurt
you now when you have to chroot. :)

Apache running under chroot means a lot of things. OpenBSD has done it by
default and it means that all the files that users host have to be under
the chroot. All the DSOs have to be accessible as well.

chrooting ftp or sftp is not much trouble. I think a simple google search
will tell you how to run sftp under chroot. I would suggest that along
with chrooting ftp.

mysql should not give you much trouble but then I never use it. I am a
postgresql guy...

Best of luck!

regards,
Girish

-
When your mind is purified like a mirror knowledge is reflected in it.
Adi Sankaracharya, Hindu saint
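
Added example, not part of the original message or of any project's tooling: the reply notes that every DSO a chrooted Apache loads must be reachable inside the chroot, and the function below checks that by reading `ldd`-style output and listing the libraries missing from the chroot tree. The function name, the `httpd` path and the sample `ldd` output are assumptions constructed for illustration; `/home/chroot` is the directory named in the question.

```shell
#!/bin/sh
# Added example (not from the original message): report shared objects that
# a binary needs but that are absent from a chroot tree.

# Constructed sample of ldd-style output; names and addresses are made up.
SAMPLE_LDD='/usr/local/sbin/httpd:
    libm.so.4 => /lib/libm.so.4 (0x2808a000)
    libc.so.7 => /lib/libc.so.7 (0x280a0000)
    /libexec/ld-elf.so.1 (0x28050000)'

# missing_in_chroot CHROOT_DIR   (ldd output on stdin)
# Prints each resolved library path that does not exist under CHROOT_DIR.
# Returns 0 when every dependency is present, 1 otherwise.
# Entries ldd could not resolve ("=> not found") are ignored here.
missing_in_chroot() {
    root=${1%/}
    missing=$(
        awk '
            /:$/                      { next }            # "binary:" header line
            $2 == "=>" && $3 ~ /^\//  { print $3; next }  # name => /path (addr)
            $1 ~ /^\//                { print $1 }        # bare /path (addr)
        ' | sort -u | while IFS= read -r lib; do
            [ -e "$root$lib" ] || printf '%s\n' "$lib"
        done
    )
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Typical use on the host, before starting the service in the chroot:
#   ldd /usr/local/sbin/httpd | missing_in_chroot /home/chroot
```

Modules that the server loads at run time rather than links against do not appear in `ldd` output for the main binary, so run the same check on each module file as well.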