Date:      Mon, 27 Mar 2000 17:16:48 +0100 (BST)
From:      Paul Robinson <wigstah@akitanet.co.uk>
To:        dave@allunix.com
Cc:        freebsd-isp@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject:   Re: sandbox of virtual servers
Message-ID:  <Pine.BSF.4.10.10003271709330.44309-100000@elwood.akitanet.co.uk>
In-Reply-To: <200003271352.FAA01289@web1.allunix.com>

On Mon, 27 Mar 2000 dave@allunix.com wrote:

> Has anyone out there set up a sandbox limiting users to their own
> home directories in a telnet or ftp session?

You mean a chroot(2) environment? I.e. you stop users getting out of their
own home directory? Are you talking more about the jail() call in FreeBSD
4.0?

If all you need is to chroot them, take a look at the OpenBSD ftpd, or in
fact proftpd, wu-ftpd etc. If you need to stop them running all over the
place in telnet, then you need to write a restricted shell, although I
hear there is already one around whose name escapes me.

As far as sandboxing is concerned in terms of CGIs and so on, the best
webserver I know to handle this is Zeus (which costs around $1500 but is
worth every penny). Not only will it sandbox the CGI for you, but it also
is easily around 5-10 times faster than Apache in my experience. It also
has better stats, can handle a theoretical infinite number of virtual
servers, and is generally far easier to configure, run and maintain than
any other piece of software I've encountered in the ISP game. Don't work
for them, but I do like their code... :) they're at www.zeustechnology.com
 
> chroot environment. Complete with their own sendmail and apache
> configuration files?

Sounds like jail() which is not really marked for production use at the
moment as I understand it. I've also heard a whisper that some of the
nasty hax0rs out there have already managed to find a way to break it,
although that could all be just smoke and mirrors... :)
 
> As I do not subscribe to the stable list, please cross post it to the 
> isp or questions list.

If you don't subscribe to a list, don't post to it. It's rude. I'm almost
tempted to not cross-post it, just to annoy you as much as that statement
has annoyed me. :)
 
-- 
Paul Robinson - Developer/Systems Administrator @ Akitanet Internet
