OpenBSD

Using OpenBSD's chrooted httpd

Copyright © 2003-2008 by Marc Balmer. All rights reserved.

Some time ago, OpenBSD changed the default mode of operation for the Apache webserver from normal non-chrooted operation to chrooted operation. This enhances the security of the server on which Apache runs, but it poses a few challenges for the system administrator.

In this article I will discuss selected aspects of running a chrooted HTTP daemon and present strategies for setting up a chrooted environment for more complex applications, such as those that need database access or use CGI scripts.

(First published on April 6, 2003, revised on March 20, 2004, converted to HTML for online publishing on December 21, 2007.)

Software Projects

All of these projects, except dynload and mod_clamscan, are in the OpenBSD ports and packages collection.

Contributions to OpenBSD

  • watchdogd(8), a daemon to periodically retrigger the watchdog(4) timer device from userland
  • nmea(4), an NMEA 0183 line discipline
  • nmeaattach(8), a utility to attach the nmea(4) line discipline to ttys, now obsoleted by the newer and more general ldattach(8) command