[vserver] many services - 1 IP.

About this list Date view Thread view Subject view Author view Attachment view

From: klavs klavsen (kl_at_vsen.dk)
Date: Thu Feb 14 2002 - 08:25:40 EST

Hi guys,

I need to install and maintain 6 kind of servers.

1, with samba and openldap, 1 with Postfix, courier-imap, OpenLdap and
Apache and so forth.

what i wanted to do, is to have them all installed on 1 physical
machine, under each vserver.

I was thinking, that it would be a good idea to chroot each service on
each server, so that a vulnerability in one, doesn't put the other
services on that machine in danger. Unfortunately chroot is not safe
(see earlier mail on this list).

I've read the docs on the site, but it's not really clear to me if can
do this, and how this compares to doing the same with chroot (except for
the fact that chroot is not safe and vserver is :-)

My questions therefore are these:

Can I "chroot" each service on each vserver - without having to create a
new vserver (with a new IP) for each service?

In the case of postfix and courier-imap can two "chroot" jails share the
same files (the maildir)?

A final question, if I install ssh on each vserver - and the services
are chrooted - will the ssh-users still be able to configure them? -
they would with a normal chroot, so that shouldn't be a problem?

Klavs Klavsen

-------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant kl_at_vsen.dk - http://www.vsen.dk

Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter

About this list Date view Thread view Subject view Author view Attachment view

This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT