On Mon, Jun 16, 2003 at 06:06:05PM +0200, Martin List-Petersen wrote: > Citat Mitchell Smith <[EMAIL PROTECTED]>: > > > Greetings list, > > > > I am wanting to create a management console for my virtual > > host users so that they may
I assume the physical machine is referred to here .. > > . Restart their virtual server if necessary > > . Log in on the console in the event they get over enthusiastic > > with their firewall rules or something and lock themselves out. I further assume, the have some unix user account on the physical context ... > > My question is to the security of the vserver binary. > > > > obviously I would run a restricted shell like osh or something > > similar, but can anyone think of a way that I can. I guess you mean in this unix account? > > a. allow them to "vserver stop|start" with out being root > > b. "vserver enter'" only on their own vserver and no one elses. what about sudo? that can be configed for all your purposes, without giving anything unwanted to anybody ... or a nifty sshd setup, which executes the required commands ... > > Obviously something such as this would be easier using something > > like user mode linux, but we have built our whole system on > > vserver, so it's a bit late to change. it is never too late to change ... > vserver start | stop i can't see the big problem with. > I would realise this via a cron job, that checks a file > or database or something else, then stops and > starts the vserver and writes a status back. if you suggesting to implement vreboot, save your time, it has been already done (rebootmgr) .. > vserver enter i would find slightly more complicated to > acomplish without compromising your host system. hmm? you are referring to the shell-scriptness of the vserver script? if you really need security, you could always code your syscalls yourself ... best, Herbert > Regards, > Martin List-Petersen > martin at list-petersen dot dk > -- > Don't go surfing in South Dakota for a while.
