I have successfully chrooted Apache2, and it runs great. BUT!
I have a problem.
I forgot that I was also using MySQL server. Now with phpMyAdmin, I can't contact my MySQL server. My guess is that Apache runs chrooted under "/var/chroot", while MySQL runs under "/" and all its subdirectories. So my Apache can't contact MySQL server.
And I've been looking around for a bit, and can't find an article about chrooting MySQL. It's f*cking difficult to chroot MySQL.
So my question is: should I chroot Apache and MySQL together, or should I not, and do it the easy way?
Chroot or not?
- kink
- Debian Developer, Site Admin
Most probably Apache/PHP try to contact the MySQL server over a local socket, e.g. in /var/run/mysql/mysql.sock. That won't be available to chrooted Apache.
The solution is easy: make sure PHP connects over the network. If you're configuring the hostname of your MySQL server in phpMyAdmin, do not use "localhost" but use "127.0.0.1". localhost is treated specially by PHP; this is documented in the manual.
To ghostdawg: there's some security advantage in the sense that an attacker gaining control over Apache can't access other files on the system outside of the chroot easily.
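Added example, not part of the thread: a small shell check of the two connection paths described in the reply above. It assumes PHP treats only the literal host "localhost" as a socket connection; the function names are hypothetical, and the directory and my.cnf used in the demo are constructed stand-ins for /var/chroot and the server's configuration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# mysql_transport HOST: which transport PHP's MySQL client would pick.
# "localhost" is the special case that means the local Unix socket.
mysql_transport() {
    case "$1" in
        localhost) echo socket ;;
        *)         echo tcp ;;
    esac
}

# check_chroot_db CHROOT HOST SOCKET MYCNF
# Prints a one-line diagnosis; returns 0 if the connection path can work.
check_chroot_db() {
    ccd_root=$1 ccd_host=$2 ccd_sock=$3 ccd_cnf=$4
    if [ "$(mysql_transport "$ccd_host")" = socket ]; then
        # A chrooted Apache resolves the socket path relative to the chroot.
        if [ -S "$ccd_root$ccd_sock" ]; then
            echo "socket: $ccd_sock is visible inside $ccd_root"
            return 0
        fi
        echo "socket: $ccd_sock not visible inside $ccd_root; use 127.0.0.1"
        return 1
    fi
    # TCP needs no file inside the chroot, but mysqld must be listening.
    if grep -Eq '^[[:space:]]*skip[-_]networking' "$ccd_cnf"; then
        echo "tcp: skip-networking is set in $ccd_cnf; mysqld will not listen"
        return 1
    fi
    echo "tcp: $ccd_host reaches mysqld without the socket file"
    return 0
}

# Constructed demo: an empty temp directory stands in for /var/chroot.
demo=$(mktemp -d)
printf '[mysqld]\nbind-address = 127.0.0.1\n' > "$demo/my.cnf"
check_chroot_db "$demo" localhost /var/run/mysqld/mysqld.sock "$demo/my.cnf" || true
check_chroot_db "$demo" 127.0.0.1 /var/run/mysqld/mysqld.sock "$demo/my.cnf" || true
rm -rf "$demo"
```

With bind-address left at 127.0.0.1, mysqld listens only on the loopback interface, so the TCP route stays local to the machine.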
After looking around and running the command:
"ln -f /var/run/mysqld/mysqld.sock /var/chroot/var/run/mysqld/mysqld.sock"
I get this error when I try to start mysql in /etc/init.d:
Nov 19 12:43:12 (name) /etc/init.d/mysql[13658]: 0 processes alive and '/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf ping' resulted in
Nov 19 12:43:12 (name) /etc/init.d/mysql[13658]: ^G/usr/bin/mysqladmin: connect to server at 'localhost' failed
Nov 19 12:43:12 (name) /etc/init.d/mysql[13658]: error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Nov 19 12:43:12 (name) /etc/init.d/mysql[13658]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
Nov 19 12:43:12 (name) /etc/init.d/mysql[13658]:
What to do?