[Wylug-help] Apache chroot'ed - MySQL socket?
Dan Walker
danielwalker at fastmail.fm
Tue Aug 26 11:28:50 BST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday 26 Aug 2003 09:51, James Holden wrote:
> Morning all,
>
> UNIX guru advice needed please....
>
> I'm building an OpenBSD web server, and I have apache installed chrooted
> to /var/www.
>
> I also want MySQL running on the machine, but my scripts can't see the
> mysql socket in it's default location of /var/run/mysql.
>
> What's the best approach to this? I reconfigured Mysql to place it's
> socket within the chroot jail that apache is running in , and it works
> fine but is that the best way to do it? Are there security implications?
> I could connect via TCP/IP through localhost, but that would have a
> performance hit, wouldn't it?
>
> Can I specify two sockets for MySQL? I could put one in
> /var/www/var/run/mysql and one in /var/run/mysql.
Mysql is fairly flexible - do a soft link from /var/www/var/run/mysql to
/var/run/mysql.
Having said that, I bet the OpenBSD crowd would favour chrooting MySQL as
well.
I can't really comment on security here - I tend to only use OpenBSd as a
firewall.
Dan
- --
Daniel Walker
'Physics is like sex; sure, it may occasionally give some
practical results, but that's not why we do it"
- - Richard Feynman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/SzZnC2kcpPIIs7gRAqfwAJ4lCY/KDix9dC/V5ezCS+qNxwPm3ACeKZBE
LaVkcLpUq5WYop7GOVYE6q4=
=1/nV
-----END PGP SIGNATURE-----
More information about the Wylug-help
mailing list