Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Mar 2000 17:16:48 +0100 (BST)
From:      Paul Robinson <wigstah@akitanet.co.uk>
To:        dave@allunix.com
Cc:        freebsd-isp@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject:   Re: sandbox of virtual servers
Message-ID:  <Pine.BSF.4.10.10003271709330.44309-100000@elwood.akitanet.co.uk>
In-Reply-To: <200003271352.FAA01289@web1.allunix.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 27 Mar 2000 dave@allunix.com wrote:

> Has anyone out there setup a sandbox limiting users to their own 
> home directories in a telnet or ftp session?

You mean a chroot(2) environemnt? I.e. you stop users getting out of their
own hom directory? Are you talking more about the jail() call in FreeBSD
4.0?

If all you need is to chroot them, take a look at the OpenBSD ftpd, or in
fact proftpd, wu-ftpd etc. If you need to stop them running all over the
place in telnet, then you need to write a restricted shell, although I
hear there is already one around whose name escapes me.

As far as sandboxing is concerned in terms of CGI's and so on, the best
webserver I know to handle this is Zeus (which costs around $1500 but is
worth every penny). Not only will it sandbox the CGI for you, but it also
is easily around 5-10 times faster than Apache in my experience. It also
has better stats, can handle a theoretical infinte number of virtual
servers, and is generally far easier ot configure, run and maintain than
any other piece of software I've encountered in the ISP game. Don't work
for them, but I do like their code... :) they're at www.zeustechnology.com
 
> chroot enviroment. Complete with their own sendmail and apache 
> configuration files?

Sounds like jail() which is not really marked for production use at the
moment as I understand it. I've also heard a whisper that some of the
nasty hax0rs out there have already managed to find a way to break it,
although that could all be just smoke and mirrors... :)
 
> As I do not subscribe to the stable list, please cross post it to the 
> isp or questions list.

If you don't subscribe to a list, don't post to it. It's rude. I'm almost
tempted to not cross-post it, just to annoy you as much as that statement
has annoyed me. :)
 
-- 
Paul Robinson - Developer/Systems Administrator @ Akitanet Internet



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10003271709330.44309-100000>