On May 21, 2009, at 7:25 PM, Mktg. Incorporate Fast wrote:
Hi,
I am using the following watchdog.conf to CHROOT & jail resin.
<resin xmlns="http://caucho.com/ns/resin";>
<management>
<user name="harry" password="MD5HASH=="/>
</management>
<watchdog-manager>
<watchdog-port>6617</watchdog-port>
<watchdog id=www.domain.com>
<resin-conf>/resin/conf/hosts/www.domain.com.conf</resin-conf>
<resin-root>/resin/</resin-root>
<chroot>/resin/thehost/www.domain.com/</chroot>
</watchdog>
</watchdog-manager>
</resin>
After running the watchdog and starting the domain, I am able to use
file.io to read any file on the server. I want to prevent virtual
hosts from reading files that they shouldn't have access to. I
think that I must be missing something somewhere, but I'm not sure
what? I know that CHROOT/JAIL typically has many steps involved
with Tomcat, is that the same with Resin?
Can you add the -verbose to check that chroot is occurring properly.
Remember, for chroot to work, /resin/thehost/www.domain.com needs to
have all the unix binaries, including the JVM.
-- Scott
Last twist::::If I am running Resin in conjunction with Apache does
that cause additional CHROOT issues?
Can resin handle multiple certs for virtual hosts using a
watchdog.conf setup? I primarily use apache for mod_rewrite & ssl
certificates.
Thanks,
Joey
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
