Hi,
I am using the following watchdog.conf to CHROOT & jail resin. <resin xmlns="http://caucho.com/ns/resin";> <management> <user name="harry" password="MD5HASH=="/> </management> <watchdog-manager> <watchdog-port>6617</watchdog-port> <watchdog id=www.domain.com> <resin-conf>/resin/conf/hosts/www.domain.com.conf</resin-conf> <resin-root>/resin/</resin-root> <chroot>/resin/thehost/www.domain.com/</chroot> </watchdog> </watchdog-manager> </resin> After running the watchdog and starting the domain, I am able to use file.io to read any file on the server. I want to prevent virtual hosts from reading files that they shouldn't have access to. I think that I must be missing something somewhere, but I'm not sure what? I know that CHROOT/JAIL typically has many steps involved with Tomcat, is that the same with Resin? Last twist::::If I am running Resin in conjunction with Apache does that cause additional CHROOT issues? Can resin handle multiple certs for virtual hosts using a watchdog.conf setup? I primarily use apache for mod_rewrite & ssl certificates. Thanks, Joey
_______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
