[rrd-users] RRDTool on OpenBSD 4.0

Andreas Maus a.maus at science-computing.de
Mon Apr 16 07:42:51 CEST 2007 

On Fri, Apr 13, 2007 at 04:34:16PM -0500, Anthony Miller wrote:
Hi Anthony.

> Can't load '/usr/local/libdata/perl5/site_perl/i386-openbsd/auto/RRDs/RRDs.so'
> for module RRDs: Cannot load specified object at
> /usr/libdata/perl5/i386-openbsd/5.8.8/DynaLoader.pm line 230.
>  at /cgi-bin/mailgraph.cgi line 8
O.K. Thats not a problem of rrdtool. AFAIK the apache on OpenBSD
runs in a chroot()ed environment.

man 8 httpd on OpenBSD states that:

[... snipp ...]
     By default, httpd will chroot(2) to the ``ServerRoot'' path, serving doc-
     uments from the ``DocumentRoot'' path.  As a result of the default secure
     behaviour, httpd cannot access any objects outside ``ServerRoot'' - this
     security measure is taken in case httpd is compromised.  This is not
     without drawbacks, though:

     CGI programs may fail due to the limited environment available inside
     this chroot space.  ``UserDir'', of course, cannot access files outside
     the directory space.  Other modules will also have issues.
     ``DocumentRoot'' directories or any other files needed must be inside
     ``ServerRoot''.  For this to work, pathnames inside the configuration
     file do not need adjustment relative to ``ServerRoot''.  For this option
     to remain secure, it is important that no files or directories writable
     by user www or group www are created inside the ``ServerRoot''.
[... snipp ...]

So you have to setup a proper chroot() or - not recommended - disable
the chroot by starting httpd with the -u switch.

HTH,

Andreas.

-- 
Dipl.-Ing. Andreas Maus             science+computing ag
System Administration               Hagellocher Weg 73
mail: a.maus at science-computing.de   72070 Tuebingen, Germany
tel.: +49 7071 9457 456             www.science-computing.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.oetiker.ch/pipermail/rrd-users/attachments/20070416/c09c8271/attachment.pgp

More information about the rrd-users mailing list