Connecting to Postgresql via php with Apache chrooted (openBSD)

I have installed php and postgresql on OpenBSD. the default install of Apache does a chroot shortly after startup. If I run it chrooted then I can't connnect to postgres.

I suspect it is because it needs to write to /tmp but why would it not be writing as the postgresql user instead of www.

has anyone else had this issue, how did you solve it. Thanks for any help.

1. you need a "/tmp" in your chrooted directory. make it mode 1777 (rwxrwxrwt).

2. mod_php always runs as the user the www server is running as ("www"). you can use PHP as cgi and use the suexec mechanism of apache ( http://httpd.apache.org/docs/suexec.html ) to run it as another user.

why do you need /tmp for access to postgres?
is php trying to connect to postgres via a named pipe? (aka is there a file "/tmp/postgres.sock" that is used to communicate with prostgres?) - i don´t know it, but mysql does use this way...

then forget everything above and make php connect to your database via sockets instead, i.e. connect to "localhost".

Thanks.

I found an command-line option to pass to postgresql startup that changes the unix-socket location. I think that will work.

furthur, is it a real advantage to run it chRoot'ed? It doesn't do that on linux.

If you set httpd_flags in /etc/rc.conf to -u, then OpenBSD won't chroot Apache.

the chroot() mechanism is a quite good security measure to protect the other parts of your system after apache got hacked...