Lighttpd install perl, mysql support in chrooted jail

Posted on in Categories lighttpd, MySQL, Security last updated October 6, 2006
Lighttpd logo

Perl is Practical Extraction and Report Language, which is quite famous and used by many web application. A Perl5 database interface to the MySQL database is provided by libdbd perl mysql shared library.

A note to readers

Following article is about running lighttpd perl in secure chrooted jail.

If you just need to run perl cgi-bin program out of box, please follow this previous article.

You can install perl support via mod_fastcgi or mod_cgi. Following are essential steps to run perl based application in chrooted lighttpd setup along with MySQL

This article is part of securing and running Lighttpd in chrooted jail.

Step #1: Enable mod_cgi

# lighty-enable-mod cgiOutput:

Available modules: auth cgi cml fastcgi proxy simple-vhost ssi ssl trigger-b4-dl userdir
Already enabled modules:
Enabling cgi: ok
Run /etc/init.d/lighttpd force-reload to enable changes

Now modify the file /etc/lighttpd/conf-enabled/10-cgi.conf file as per our chrooted jail setup:
# cp /etc/lighttpd/conf-enabled/10-cgi.conf /root/
# vi /etc/lighttpd/conf-enabled/10-cgi.conf
Modify the file as follows:
server.modules += ( "mod_cgi" )
alias.url += ( "/cgi-bin/" => "/home/lighttpd/cgi-bin/" )
cgi.assign = (
".pl" => "/usr/bin/perl",
)

Save and close the file.

Step #2: Prepare the file system for perl

# mkdir /webroot/usr/share -p
# mkdir /webroot/usr/lib -p
# mkdir /webroot/home/lighttpd/cgi-bin/ -p
# chown www-data:www-data /webroot/home/lighttpd/cgi-bin/

Step #3: Put Perl in the jail

Copy /usr/bin/perl to /webroot/usr/bin directory:# cp /usr/bin/perl /webroot/usr/bin

Install shared object/libraries used by perl:# /bin/l2chroot /usr/bin/perl

Now copy all perl files and modules stored in /usr directory:
# cp -avr /usr/share/perl /webroot/usr/share
# cp -avr /usr/share/perl5 /webroot/usr/share
# cp -avr /usr/lib/perl /webroot/usr/lib
# cp -avr /usr/lib/perl5 /webroot/usr/lib

Step #4: Put Perl MySQL DBD shared libraries in the jail

Copy shared libraries needed to load perl mysql.so (which is stored at /webroot/usr/lib/perl5/auto/DBD/mysql/mysql.so). Type the following command:
# /bin/l2chroot /usr/lib/perl5/auto/DBD/mysql/mysql.so

Please note that you have just enabled perl mysql support. However /usr/lib/perl5/ directory contains other shared object used by perl. You need to enable them to use rest of Perl features.

Step #5: Restart the lighttpd

# /etc/init.d/lighttpd restart

Test your perl+mysql setup

Copy following files to your /webroot/home/lighttpd/cgi-bin/ directory.

  • db.pl: Test MySQL database connectivity (perl script), make sure you modify this file for correct MySQL server hostname, username and password.
  • index.pl: simple perl program

Open a web browser and run http://yourdomain.com/cgi-bin/db.pl and http://yourdomain.com/cgi-bin/index.pl

Continue reading the rest of Lighttpd series articles.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

Leave a Comment