Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

What is a chroot?

April 26, 2017chroot

0

10 Posted

What is a chroot?

1 Answer

0

Posted

A chroot(2)ed application is locked into a particular directory and unable to wander around the rest of the directory tree, and sees that directory as its “/” (root) directory. In the case of httpd(8), the program starts, opens its log files, binds to its TCP ports (though, it doesn’t accept data yet), and reads its configuration. Next, it locks itself into /var/www and drops privileges, then starts to accept requests. This means all files served and used by Apache must be in the /var/www directory. In the default configuration of OpenBSD, all the files in the /var/www directory are read-only by the user Apache runs as, www. This helps security tremendously — should there be a security issue with Apache, the damage will be confined to a single directory with only “read only” permissions and no resources to cause mischief with.

Is support for running rssh in a chroot jail planned?
Why FastCGI + Chroot?
Why use chroot?