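I have set up a chroot jail for the user "bob". bob is located at /var/jails/bob
Bob has a website located at /var/jails/bob/bobssite.com/public_html
Everything seemed to work so far, including the fact that the process runs with Bob's uid (checked with PHP's exec('whoami')), that is, until I set the chroot for bob's site in the php5-fpm configuration file (/etc/php5/fpm/pool.d/bobssite.com.conf):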
    [bobssite.com]
    ; Per pool prefix
    ; It only applies on the following directives:
    ; - 'slowlog'
    ; - 'listen' (unixsocket)
    ; - 'chroot'
    ; - 'chdir'
    ; - 'php_values'
    ; - 'php_admin_values'
    ; When not set, the global prefix (or /usr) applies instead.
    ; Note: This directive can also be relative to the global prefix.
    ; Default Value: none
    ;prefix = /var/jails/bob/$pool/public_html/
    user = bob
    group = webjail
    listen = /var/run/php5-fpm_bobssite.com.sock
    listen.owner = www-data
    listen.group = www-data
    pm = dynamic
    pm.max_children = 5
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 3
    ; Chroot to this directory at the start. This value must be defined as an
    ; absolute path. When this value is not set, chroot is not used.
    ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
    ; of its subdirectories. If the pool prefix is not set, the global prefix
    ; will be used instead.
    ; Note: chrooting is a great security feature and should be used whenever
    ; possible. However, all PHP paths will be relative to the chroot
    ; (error_log, sessions.save_path, ...).
    ; Default Value: not set
    chroot = /var/jails/bob/bobssite.com/public_html
    chdir = /
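Now, when the chroot above is commented out, everything works fine. If I set it to something like /var/jails/bob/notbobssite, php5-fpm does not restart/work, because that is an invalid path. If I set it to the value it is currently set to, I get "File not found" when visiting the page, and this in my error.log: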
    [Thu Oct 16 10:46:39 2014] [error] [client myip] FastCGI: server "/usr/lib/cgi-bin/php5-fcgi_bobssite.com" stderr: Primary script unknown
    [Thu Oct 16 10:46:39 2014] [debug] mod_deflate.c(700): [client myip] Zlib: Compressed 16 to 24 : URL /php5-fcgi/user.php
So what is happening here? I am guessing the debug line has the answer, but I don't understand it?
Here is my Apache virtual host configuration file:
    <VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName bobssite.com
        ServerAlias www.bobssite.com
        DocumentRoot /var/jails/bob/bobssite.com/public_html/
        ErrorLog /var/jails/bob/bobssite.com/error.log
        CustomLog /var/jails/bob/bobssite.com/access.log combined
        <IfModule mod_fastcgi.c>
            AddType application/x-httpd-fastphp5 .php
            Action application/x-httpd-fastphp5 /php5-fcgi
            Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi_bobssite.com
            FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi_bobssite.com -socket /var/run/php5-fpm_bobssite.com.sock -pass-header Authorization
        </IfModule>
    </VirtualHost>