Re: virtual hosting
On Tue, 26 Mar 2002 15:49, Michal Novotny wrote:
> It is possible to make virtual web hosting (apache) in chroot jail?
Yes. Just install complete copies of Debian in the chroot jails.
> There is a little problem with about 1500 domains/clients.
> How can I set it up (with perl/php/ssi/ssl/cgi/ftp/mysql etc.) ?
> I think it have to be all in the chrooted directory, so will it be
> apache/perl/mysql/libs for each domain? or could it be symlinked?
Symlinks do not work across chroot jails by definition.
> I do not imagine about 1500 chroots...
You would need to have a lot of memory and CPU power for that many chroot's.
> But I think if it can work then it will be so secure, isn't it?
If it has root access for ANYTHING and it uses a stock kernel then running it
chroot gives no extra protection.
If you want chroot to actually give you any significant security benefits
then you need a kernel patch such as grsecurity.
Let's leave debian-security out of this now and keep it on debian-isp.
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com