Is Chrooting apache/mysql/php a standard practice of securing web servers containing sensitive data?

Question

Is Chrooting apache/mysql/php a standard practice of securing web servers containing sensitive data (is it necessary)?

score 6 · Accepted Answer · answered May 11 '10 at 16:46

6

No, chrooting isn't standard practice with Apache. I wouldn't consider it necessary either. However, chuser and chgroup are-- you shouldn't run Apache as root. Doing all three is common with BIND. You should default to running with least privileges necessary with all daemons and all cases.

It's arguable that chrooting is pointless in a lot of cases as well. Check out Abusing a chroot jail.

answered May 11 '10 at 16:46

Warner

23,756
2
59
69

Very informative post, though it seems to desire as a premise the contained processes and users can chroot themselves\have root priveledges. Which from the comments I understand is avoidadble in a properly setup chroot.. – Joshua Enfield May 11 '10 at 17:06
I agree with your point. – Warner May 11 '10 at 17:17

score -1 · Answer 2 · answered Mar 06 '13 at 08:12

-1

Poor man's PHP environment chroot: http://www.smallbulb.net/2013/303-chroot-php

answered Mar 06 '13 at 08:12

smallbulb

1

Welcome to Server Fault! Please read our [faq] in particular [May I promote products or websites I am affiliated with here?](http://serverfault.com/faq#promotion). – EEAA Mar 06 '13 at 08:17

Is Chrooting apache/mysql/php a standard practice of securing web servers containing sensitive data?

2 Answers2