Sun Java System Web Server 6.1 SP11 Administrator's Guide

Making Additional Changes to Protect Servers

If you need to have both protected and unprotected servers, you should operate the unprotected server on a different machine from the protected one. If resources are limited and you must run an unprotected server on the same machine as your protected server, do the following.

The chroot allows you to create a second root directory to limit the server to specific directories. You use this feature to safeguard an unprotected server. For example, assume that the root directory is /d1/ms. Then any time the web server tries to access the root directory, it is connected /d1/ms. If the Web Server tries to access /dev, it gets /d1/ms/dev. This process allows you to run the web server on your UNIX/Linux system, without giving it access to all the files under the actual root directory.

However, if you use the chroot, you need to set up the full directory structure required by the Sun Java System Web Server under the alternative root directory, as shown in the following illustration:

Figure 6–2 Example of chroot Directory Structure

Example of chroot Directory Structure

ProcedureTo specify the chroot for a Virtual Server Class

You can specify the chroot directory for a virtual server class by performing the following steps:

  1. Access the Server Manager and select the server instance from the drop-down list.

  2. Select the Virtual Server Class tab.

  3. Click the Edit Classes link.

  4. Make sure the Option is set to Edit for the class in which you wish to specify chroot.

  5. Click the Advanced button for that class.

    The Virtual Servers CGI Settings page appears.

  6. Enter the full pathname in the Chroot field.

  7. Click OK.

  8. Click Apply.

  9. Choose Load Configuration Files to dynamically apply.

Specifying the chroot for a Virtual Server

You can specify the chroot directory for a specific virtual server by performing the following steps:

ProcedureTo specify the chroot directory for a specific virtual server

  1. Access the Server Manager and select the server instance from the drop-down list.

  2. Select the Virtual Server Class tab.

  3. Click on the link for the virtual server you wish to specify the chroot directory for from the Tree View of the Server.

  4. Select the Settings tab.

    The Settings page appears.

  5. Enter the full pathname in the Set to field next to Chroot Directory.

  6. Click OK.

  7. Click Apply.

  8. Choose Load Configuration Files to dynamically apply.

    You can also specify the chroot directory for a virtual server using the Class Manager Virtual Servers tab and the CGI Settings link.

    For more information about how to specify a chroot directory for a virtual server, see the Sun Java System Web Server 6.1 SP11 Programmer’s Guide.