From: Arjen (arjen_at_renegade.demon.nl)
Date: Wed 04 May 2005 - 18:42:38 BST
On 4/5/05 5:02 pm, "Herbert Poetzl" <herbert_at_13thfloor.at> wrote:
> On Wed, May 04, 2005 at 02:32:59PM +0200, Arjen wrote:
>> On Wed, 4 May 2005, Herbert Poetzl wrote:
>>> On Tue, May 03, 2005 at 06:24:11PM +0200, Arjen wrote:
>>>> ssh. Ever tried to ssh from one vserver to another vserver? Or started a
>>>> screen session inside a vserver? I think the problem has something to do
>>>
>>> hmm, did you verify that your user is in the 'tty' group?
>>
>> Ok, I've got things working, ssh by adding it to the tty group and screen
>> by making it sgid. But, again, I don't think this is the real solution, in
>> my host a normal user doesn't need to be in the tty group to be able to
>> ssh, or screen doesn't need the sgid bit set to work in the host.
>
> well, hey this is a security feature, feel free to change
> the permissions of the pts mount to use insecure rw for
> all ... sgid for screen should not be required, if your
> user is in the tty group ...
>
> (check with changing the tty with chmod a+rw /dev/tty* )
Aha, ok, sorry for my lack of knowledge here, but I assumed the environment
should be the same as in the host. Logical question, is it 'normal' that the
host has a+rw and the guests don't?
>>>> with /dev/tty*,
>>>> crw-rw---- 1 root tty 5, 0 Mar 4 14:39 /dev/tty (inside the vserver)
>>>> Compare it with /dev/tty in the host,
>>>> crw-rw-rw- 1 root tty 5, 0 May 1 22:32 /dev/tty (in the host)
>> I'm running Gentoo, 2.6.11.6-grsec-vs1.9.5 on an amd64,
>> util-vserver-0.30.204.
>
> be careful to use 64bit userspace for the tools, and
> a nicely patched up dietlibc ...
> (unless you are running it with a 32bit kernel ;)
ATM I'm happily running 3 to 5 vservers, 3 of them replaced 2 actual
computers! Much less noise ;) and I could finally separate things. It's
running in a (I'm not sure if this is gentoo specific) multilib environment,
not pure 64bit but it all looks pretty solid, no real problems, the vservers
are doing their work nicely. IOW thanx guys! :)
Cheers,
-Arjen
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
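
Added example, not part of the original message or of the Linux-VServer tools: a small shell check that applies the standard Unix owner/group/other rule to the two `/dev/tty` listings quoted in the thread, showing why the guest needs tty group membership while the host does not. The function name `tty_rw_access`, the user name `arjen` and the group lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which permission class decides read-write access to a
# device node, given one `ls -l` line. Names here are hypothetical.

# tty_rw_access "<ls -l line>" <user> "<space-separated groups of user>"
# Prints owner|group|other|denied. The first matching class decides and
# there is no fall-through to a later class. The uid 0 override
# (CAP_DAC_OVERRIDE) is not modelled.
tty_rw_access() {
    line=$1 user=$2 groups=$3
    # ls -l fields: mode, link count, owner, group, rest
    read -r mode _links owner group _rest <<EOF
$line
EOF
    if [ "$user" = "$owner" ]; then
        class=owner pat='?rw*'          # mode characters 2-3
    else
        case " $groups " in
            *" $group "*) class=group pat='????rw*' ;;     # characters 5-6
            *)            class=other pat='???????rw*' ;;  # characters 8-9
        esac
    fi
    # Unquoted $pat is matched as a glob pattern against the mode string.
    case $mode in
        $pat) echo "$class" ;;
        *)    echo denied ;;
    esac
}

# The two listings quoted in the thread.
GUEST='crw-rw---- 1 root tty 5, 0 Mar 4 14:39 /dev/tty'
HOST='crw-rw-rw- 1 root tty 5, 0 May 1 22:32 /dev/tty'

# Constructed users: same account with and without the tty group.
echo "guest, not in tty: $(tty_rw_access "$GUEST" arjen "users")"
echo "guest, in tty:     $(tty_rw_access "$GUEST" arjen "users tty")"
echo "host,  not in tty: $(tty_rw_access "$HOST" arjen "users")"
```

With the guest's `crw-rw----` mode, access is decided by the group bits, so only tty group members get through; the host's `crw-rw-rw-` grants the same access through the world bits to every local user.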