I would like to provide as complete of a system as possible to the
jail/domain owners What specifically do I need to ensure they DON'T have
access to? And if I give them access to the ports collection, how do I
prevent them from just installing said binaries anyways?
Another thing I was thinki
if (test "$iii" = "198") then
i=4
fi
if (test "$iii" = "220") then
i=5
fi
if (test "$iii" = "222") then
i=6
fi
if ( test "$1" = x) then
echo -e &q
On Sep 22, 2005, at 6:51 PM, Malachi de Ælfweald wrote:
I am thinking at this point what I am going to try to do is build a
jail
skeleton, then use unionfs to mount on top of that... so in theory,
I could
save a LOT of space while at the same time giving them pretty
complete jails
(one pe
I am thinking at this point what I am going to try to do is build a jail
skeleton, then use unionfs to mount on top of that... so in theory, I could
save a LOT of space while at the same time giving them pretty complete jails
(one per domain).
Malachi
On 9/13/05, Frank Mueller - emendis GmbH <[E
Hi there,
if you have enough system resources I would recommend using seperate
jails for every user.
All u have to keep in mind is that you won't be able to provide some
services (SMTP, POP, IMAP, usw.) more than once for the whole system
because they need a predefined port (25, 110, 443, usw.
On Tue, 13 Sep 2005 14:43:00 +0100
Elliot Crosby-McCullough <[EMAIL PROTECTED]> wrote:
> Obviously jails are a good start, but my main concern is whether to go
> for one large jail for all the restricted users or one small jail per user.
-- cut --
> The accounts themselves will be su
I have been getting ready to do one-jail per domain myself. The key though
is that if you want to support any port (and specifically things like ssh)
they have to have a public IP address (or 1:1 NAT)... ie: if the ssh server
is running under each jail, you need to know my IP address which one t
I think one jail for them all would be the only option, think if you
have 10+ users that's a lot of copies of binaries and libs. You might
want to look into jailkit:
http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html
I've used it on linux before but never bsd.
Good luck!
Mike
Dear all,
I will shortly be creating a public service on a private box that will
include shell access to untrusted users and would like your opinion on
the best way to go about this.
Obviously jails are a good start, but my main concern is whether to go
for one large jail for all the restr
