Is it possible to chroot nginx also fastcgi? if yes, how?
on 01.09.2008 10:22
on 01.09.2008 10:55
Witam!
W liście datowanym 1 września 2008 (10:22:06) napisano:
> Is it possible to chroot nginx also fastcgi? if yes, how?
1. you have to build chroot ( i am usually using debootstrap)
2. you have to chroot into just created chroot
3. install ngin etc
4. start services in chroot
on 01.09.2008 11:08
On Mon, Sep 01, 2008 at 10:22:06AM +0200, Robert Gabriel wrote:
> Is it possible to chroot nginx also fastcgi? if yes, how?
AFAIK nginx itself doesn't have chroot feature.
as for FCGI, well, depends on the way you are spawning FCGI processes,
lighttpd's spawn-fcgi for example has -c which allows it to be chrooted.
on 01.09.2008 11:21
The process model of NGINX would make it almost impossible for NGINX
worker process itself to chroot.
The reason for this is that an NGINX worker process uses a set of
asynchronous handlers to convey the impression of simultaneous request
processing.
When a process calls a chroot(), it is impossible to get back out of the
new root, unless a directory outside the root was opened (opendir/dirfd)
before the chroot.
Since worker process in NGINX doesn't exit() on its own, chroot()ing it
would not be a good idea.
Given the NGINX architecture, it is all but impossible to implement
chroot, say, based on a virtual host, etc.
Executing other programs, on the other hand, is a different topic.
For instance, apache uses the suexec wrapper to spawn CGI scripts. if
NGINX gets support for CGI in the future, then the wrapper could
conceivably support chroot(), because a CGI program runs in its own
process.
Running NGINX in private root itself, that's a separate matter, and that
should be doable as long as all the libraries that NGINX links to, are
present under the new root.
----- Original Message -----
From: "Almir Karic" <almir@kiberpipa.org>
To: nginx@sysoev.ru
Sent: Monday, September 1, 2008 2:30:12 PM GMT +05:30 Chennai, Kolkata,
Mumbai, New Delhi
Subject: Re: how to chroot nginx
On Mon, Sep 01, 2008 at 10:22:06AM +0200, Robert Gabriel wrote:
> Is it possible to chroot nginx also fastcgi? if yes, how?
AFAIK nginx itself doesn't have chroot feature.
as for FCGI, well, depends on the way you are spawning FCGI processes,
lighttpd's spawn-fcgi for example has -c which allows it to be chrooted.
on 01.09.2008 18:19
On 9/1/08, Almir Karic <almir@kiberpipa.org> wrote: > AFAIK nginx itself doesn't have chroot feature. > > as for FCGI, well, depends on the way you are spawning FCGI processes, > lighttpd's spawn-fcgi for example has -c which allows it to be chrooted. but spawn-fcgi is lame. :) php-fpm is king.