[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: virtual hosting

On Tue, 26 Mar 2002 15:49, Michal Novotny wrote:
> It is possible to make virtual web hosting (apache) in chroot jail?

Yes.  Just install complete copies of Debian in the chroot jails.

> There is a little problem with about 1500 domains/clients.
> How can I set it up (with perl/php/ssi/ssl/cgi/ftp/mysql etc.) ?
> I think it have to be all in the chrooted directory, so will it be
> apache/perl/mysql/libs for each domain? or could it be symlinked?

Symlinks do not work across chroot jails by definition.

> I do not imagine about 1500 chroots...

You would need to have a lot of memory and CPU power for that many chroot's.

> But I think if it can work then it will be so secure, isn't it?

If it has root access for ANYTHING and it uses a stock kernel then running it 
chroot gives no extra protection.

If you want chroot to actually give you any significant security benefits 
then you need a kernel patch such as grsecurity.

Let's leave debian-security out of this now and keep it on debian-isp.

If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: