Running apache in chroot adds another layer of security. You can chroot the apache server and copy over all the libraries you need and only the programs you need like /bin/sh lets say to start/stop the server. In that way any security issue or intruder will end up in "jail" and have limited programs to run. Also what ever damage he/she might cause will be in the chroot enviroment, which you can esally recover, and not in your real root.
We run all our company production servers in chroot. Cheers, Igor On Mon, Jun 15, 2009 at 6:40 PM, Fred Zinsli <fred.zin...@shooter.co.nz>wrote: > Hello everyone > > I can't seem to get my head around this chrooted and non-chrooted apache > server thing at all. > > What are the pros & cons, advantages or dissadvantages of chrooted over > non-chrooted apache servers. > > In a nutshell, is a preferable to run apache chrooted on a production > server or not? > > Curently my public server is not chrooted but I am planning a major > upgrade and I thought this would be a good opertunity to change my apache > configuration at the same time if it was warranted. > > The server is currently configured for name based virtual hosts. > > Any comments would be most appreciated. > > Regards > > Fred > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
