[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re[2]: virtual hosting

Hmm, I think this doesn't work for me, I forgot that there will be too
much memory  and strong cpu needed :-( So, I'll need to find other way
to more secure my box. I'll take a look at the grsecurity...

Thanks for now, I'll be back ;)

Michal Novotny

26. bøezna 2002 17:08:41, Russell Coker <russell@coker.com.au> pise:

> On Tue, 26 Mar 2002 15:49, Michal Novotny wrote:
>> It is possible to make virtual web hosting (apache) in chroot jail?

> Yes.  Just install complete copies of Debian in the chroot jails.

>> There is a little problem with about 1500 domains/clients.
>> How can I set it up (with perl/php/ssi/ssl/cgi/ftp/mysql etc.) ?
>> I think it have to be all in the chrooted directory, so will it be
>> apache/perl/mysql/libs for each domain? or could it be symlinked?

> Symlinks do not work across chroot jails by definition.

>> I do not imagine about 1500 chroots...

> You would need to have a lot of memory and CPU power for that many chroot's.

>> But I think if it can work then it will be so secure, isn't it?

> If it has root access for ANYTHING and it uses a stock kernel then running it 
> chroot gives no extra protection.

> If you want chroot to actually give you any significant security benefits 
> then you need a kernel patch such as grsecurity.

> Let's leave debian-security out of this now and keep it on debian-isp.

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: