Skip to Content.
Sympa Menu

cacert-sysadm - Re: What's up with test1.cacert.at? (FULL)

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

List archive

Re: What's up with test1.cacert.at? (FULL)


Chronological Thread 
  • From: Wytze van der Raay <wytze AT cacert.org>
  • To: cacert-sysadm AT lists.cacert.org
  • Cc: Ian G <iang AT iang.org>, Jan Dittberner <jandd AT cacert.org>, ulrich <ulrich AT cacert.org>, dirk astrath <dirk.astrath AT cacert.org>, Philipp Gühri ng <philipp AT cacert.org>
  • Subject: Re: What's up with test1.cacert.at? (FULL)
  • Date: Sun, 17 Jan 2010 17:55:56 +0100
  • Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
  • Organization: CAcert
Hi Ted,

On 01/11/2010 08:27 PM, Bernhard Fröhlich wrote:
> ...
> The bigger problem was that the php scripts could not contact the mysql
> database. Jan's (probably correct) opinion was that the chrooted apache
> process coult not access the mysql socket at
> /var/run/mysqld/mysqld.sock. So with some trial and error I replaced all
> references to /var/run/mysqld with /chroot/var/run/mysqld in
> /etc/mysqld/my.cnf and /etc/mysqld/debian.cnf.
> Then the mysql user did not have write access to /chroot/var/run/mysqld
> which probably prevented the creation of the socket. Therfore I chowned
> /chroot/var/run/mysqld to mysql.

All these steps should not ne necessary as far as I know, at least on the
production server we do not do this. The mysqld.sock is not needed for
php access to the database from the chroot'ed apache, and in fact it
should not even exist in the chroot environment for security reasons.
The communication between apache/php and mysqld takes place via a TCP
connection to localhost:3306; note thatnetworking is not restricted by
chroot (for good or for worse).

Regards,
-- wytze

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


Archive powered by MHonArc 2.6.16.

Top of Page