Re: virtual hosting

2002-03-27 Thread j . rivera

Hello,

The only question I have in this setup is why would you need to chroot everything. In 
a typical hosting environment where users have FTP access to the server to upload web 
pages, you can just chroot the FTP daemon to the individual user's upload directory.

As far as Apache, you could chroot the daemon to the directory where all your websites 
reside. But in that situation, I do believe you would need to copy all the binaries 
you would want to run (i.e. Perl, PHP, MySQL, etc.), but I could be wrong on that 
point.

Hope that helps a bit.

Regards,
jovan rivera
[EMAIL PROTECTED]

On Tue, 26 Mar 2002 15:49:56 +0100
Michal Novotny [EMAIL PROTECTED] wrote:

> Hello!
>
> Is it possible to make virtual web hosting (apache) in a chroot jail?
> There is a little problem with about 1500 domains/clients.
> How can I set it up (with perl/php/ssi/ssl/cgi/ftp/mysql etc.)?
> I think it has to be all in the chrooted directory, so will it be
> apache/perl/mysql/libs for each domain? or could it be symlinked?
> I do not imagine about 1500 chroots...
> But I think if it can work then it will be so secure, isn't it?
>
> Regards
> Michal Novotny
 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]







virtual hosting

2002-03-26 Thread Michal Novotny

Hello!

Is it possible to make virtual web hosting (apache) in a chroot jail?
There is a little problem with about 1500 domains/clients.
How can I set it up (with perl/php/ssi/ssl/cgi/ftp/mysql etc.)?
I think it has to be all in the chrooted directory, so will it be
apache/perl/mysql/libs for each domain? or could it be symlinked?
I do not imagine about 1500 chroots...
But I think if it can work then it will be so secure, isn't it?

Regards
Michal Novotny







Re: virtual hosting

2002-03-26 Thread Russell Coker

On Tue, 26 Mar 2002 15:49, Michal Novotny wrote:
> Is it possible to make virtual web hosting (apache) in a chroot jail?

Yes.  Just install complete copies of Debian in the chroot jails.

> There is a little problem with about 1500 domains/clients.
> How can I set it up (with perl/php/ssi/ssl/cgi/ftp/mysql etc.)?
> I think it has to be all in the chrooted directory, so will it be
> apache/perl/mysql/libs for each domain? or could it be symlinked?

Symlinks do not work across chroot jails by definition.

> I do not imagine about 1500 chroots...

You would need to have a lot of memory and CPU power for that many chroots.

> But I think if it can work then it will be so secure, isn't it?

If it has root access for ANYTHING and it uses a stock kernel then running it 
chroot gives no extra protection.

If you want chroot to actually give you any significant security benefits 
then you need a kernel patch such as grsecurity.

Let's leave debian-security out of this now and keep it on debian-isp.

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
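
An added example, not part of any message in this thread: on the point that symlinks do not work across chroot jails, the Python code below resolves every symlink under a jail directory the way a process chrooted there would, and reports links that dangle inside the jail or name a different file than they do on the host. The function names, the status labels and the constructed sample jail (www/site1, /opt/shared/php) are assumptions made for illustration.

```python
import os
import tempfile

def _parts(p):
    return [c for c in p.split("/") if c not in ("", ".")]

def resolve_in_jail(jail, path, hops=40):
    """Host path that jail-absolute `path` names inside the chroot, or None if absent."""
    todo, done = _parts(path), []        # done: resolved names below the jail root
    while todo:
        part = todo.pop(0)
        host = os.path.join(jail, *done, part)
        if part == "..":
            done = done[:-1]             # ".." at the jail root stays at the root
        elif os.path.islink(host):
            if (hops := hops - 1) < 0:
                return None              # symlink loop
            target = os.readlink(host)
            if target.startswith("/"):
                done = []                # absolute target restarts at the jail root
            todo = _parts(target) + todo
        elif os.path.lexists(host):
            done.append(part)
        else:
            return None                  # component missing inside the jail
    return os.path.join(jail, *done)

def audit_symlinks(jail):
    """Return sorted (link, target, status) tuples for every symlink under `jail`."""
    jail, findings = os.path.realpath(jail), []
    for root, dirs, files in os.walk(jail):
        for name in dirs + files:
            host = os.path.join(root, name)
            if os.path.islink(host):
                link = "/" + os.path.relpath(host, jail)
                inside = resolve_in_jail(jail, link)
                status = ("dangles-in-jail" if inside is None else
                          "ok" if inside == os.path.realpath(host) else "differs-from-host")
                findings.append((link, os.readlink(host), status))
    return sorted(findings)

def build_demo_jail():  # constructed sample data: one site directory, three symlinks
    jail = tempfile.mkdtemp(prefix="jail-")
    os.makedirs(site := os.path.join(jail, "www", "site1"))
    os.makedirs(os.path.join(jail, "usr", "bin"))
    open(os.path.join(jail, "usr", "bin", "perl"), "w").close()
    for name, target in (("perl-rel", "../../usr/bin/perl"),
                         ("perl-abs", "/usr/bin/perl"), ("php", "/opt/shared/php")):
        os.symlink(target, os.path.join(site, name))
    return jail
```

Running audit_symlinks(build_demo_jail()) shows the relative link resolving to the jail's own copy, the absolute link silently re-rooted to the jail's copy instead of the host's, and the link to a host-only path dangling.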

