
From: Vlad (vlad_at_vlad.net)
Date: Thu 14 Feb 2002 - 15:06:54 GMT


I think that's the basis for chroot - it binds the new context to an IP
address... otherwise you might as well just set up a generic chroot for
each service..

What you can try and do is create your vservers in private address space
(192.168, 10.0.) and then do port forwards from the 1 real IP address..

-Vlad

On 14 Feb 2002, klavs klavsen wrote:

> Hi guys,
>
> I need to install and maintain 6 kinds of servers.
>
> 1, with samba and openldap, 1 with Postfix, courier-imap, OpenLdap and
> Apache and so forth.
>
> What I wanted to do is to have them all installed on 1 physical
> machine, under each vserver.
>
> I was thinking, that it would be a good idea to chroot each service on
> each server, so that a vulnerability in one, doesn't put the other
> services on that machine in danger. Unfortunately chroot is not safe
> (see earlier mail on this list).
>
> I've read the docs on the site, but it's not really clear to me if I can
> do this, and how this compares to doing the same with chroot (except for
> the fact that chroot is not safe and vserver is :-)
>
> My questions therefore are these:
>
> Can I "chroot" each service on each vserver - without having to create a
> new vserver (with a new IP) for each service?
>
> In the case of postfix and courier-imap can two "chroot" jails share the
> same files (the maildir)?
>
> A final question, if I install ssh on each vserver - and the services
> are chrooted - will the ssh-users still be able to configure them? -
> they would with a normal chroot, so that shouldn't be a problem?
>
>
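
The port-forward layout suggested in the reply, sketched as an added example (not code from the thread or the vserver project): it prints DNAT rules for review and refuses backends outside private address space or duplicate public ports. The use of iptables, the addresses, and the choice of which services to expose are assumptions.

```shell
#!/bin/sh
# Constructed sample values: PUBLIC_IP is a documentation address (RFC 5737);
# the vserver address and the service layout are assumptions.
PUBLIC_IP="203.0.113.10"

# One line per forward: <proto> <public port> <vserver private IP> <port>
# Only mail and web are exposed here; LDAP and Samba get no forward and
# stay reachable on the private range only (an assumed policy).
FORWARDS="tcp 25 192.168.0.2 25
tcp 143 192.168.0.2 143
tcp 80 192.168.0.2 80"

# Succeeds only for RFC 1918 addresses (10/8, 172.16/12, 192.168/16).
is_private() {
    case "$1" in
        10.*.*.*|192.168.*.*) return 0 ;;
        172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print (do not execute) one DNAT rule per forward. Fails if a backend is
# not private, or if the same proto/public port appears twice, because only
# the first matching PREROUTING rule would ever take effect.
gen_dnat_rules() {
    seen=" "
    while read -r proto pport ip dport; do
        [ -n "$proto" ] || continue
        if ! is_private "$ip"; then
            echo "backend $ip is not a private address" >&2
            return 1
        fi
        case "$seen" in
            *" $proto/$pport "*)
                echo "duplicate forward for $proto/$pport" >&2
                return 1 ;;
        esac
        seen="$seen$proto/$pport "
        echo "iptables -t nat -A PREROUTING -d $PUBLIC_IP -p $proto --dport $pport -j DNAT --to-destination $ip:$dport"
    done <<EOF
$1
EOF
}

gen_dnat_rules "$FORWARDS"
```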


Generated on Wed 06 Nov 2002 - 07:03:39 GMT by hypermail 2.1.3