Apache2 mod_fastcgi: Connect to External PHP via UNIX Socket or TCP/IP Port

Posted on in Categories Apache, CentOS, fedora linux, Howto, lighttpd, Networking, php, RedHat/Fedora Linux, Security, Tips, Troubleshooting, Tuning last updated December 30, 2008

Now, mod_fastcgi is configured and running. FastCGI supports connection via UNIX sockets or TCP/IP networking. This is useful to spread load among various backends. For example, php will be severed from 192.168.1.10 and python / ruby on rails will be severed from 192.168.1.11. This is only possible with mod_fastcgi.

Find out if service / server running in chrooted jail or not under Linux

Posted on in Categories Howto, Linux, Sys admin, Tips last updated September 10, 2007

Chrooted jail allows run command or service such as http / mysql / postfix with special root directory i.e. chroot changes the root directory for application. The biggest benefit is a service that is re-rooted to another directory cannot access files outside that directory. Basically you are going to set service in sandbox. Chrooting offers the following 2 benefits:

[a] Service Isolation

[b] Privilege Separation

But how do you find out if service / server is chrooted or not under Linux?

Simply run ls -ld command on /proc/MAIN-PID/root directory.

For example, find out if httpd chrooted or not:
pidof httpd
Output:

23456

Run ls command:
ls -ld /proc/23456/root
Output:

lrwxrwxrwx 1 root root 0 Sep 10 02:52 /proc/23456/root -> /wwwdata

Find out if postfix is chrooted or not (PID 4645):
ls -ld /proc/4645/root
Output:
lrwxrwxrwx 1 root root 0 Sep 10 02:59 /proc/4645/root -> /
The PID 4645 pointing out to / (root) i.e. the root directory for application is not changed or chrooted. This is a quick and dirty way to find out if application is chrooted or not w/o opening configuration files.