
Re: Shell accounts for multiple domains on one box



I do it like so:

My user db is in LDAP, I have PAM configured to use LDAP for its lookups, and the homedir is specified in LDAP. All FTP, shell, mail authentication (IMAP/POP), and even Apache web access is controlled by queries against the LDAP backend. You are on the right path (imo) regarding the group permissions; with carefully designed user/group permissions you can allow and/or disallow access to directories as needed. As far as books or websites, I designed this myself, after looking at lots of different sites with little success. There are similar projects out there, and if you're clever, you can twist them around to do your bidding, but no turn-key solutions that I'm aware of.

HTH
~duane

Stephen R Laniel said the following on 3/23/2005 5:36 PM:

I've recently been doing some work for an IT consultancy
that's dabbling in hosting, but they don't seem to have
their procedures down cleanly. They host quite a number of
domains, and user@domain.com has to log in as
user-domain-com; users are confused by this, leading to no
end of troubles.

What's the canonical solution (I assume there must be one by
now) for hosting multiple domains on one machine if you
allow shell access? I'd like this to be as transparent to
the user as possible. Ideally, every service they run would
be domain-aware: sshing to larry@foo.com would produce a
different result than sshing to larry@domain.com. Likewise
for imapd, their MTA, Apache and so forth.

Also, I'd like larry@domain.com to have home directory
/home/domain.com/larry, and for all users within domain.com
to only have access to other directories under
/home/domain.com; perhaps all users within domain.com would
be members of the group 'domain.com'.

Finally, can the folks on this list point me to any good
books/websites for those of us who already know our Linux
very well, but are just getting started with these sorts
of scaling issues?

Thanks very much,
Steve
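
The layout discussed in this thread (home directories under /home/domain.com/larry, one group per domain, no access from other domains) can be checked mechanically. The following is an added example, not code from either poster: the `audit` function, the tuple layout for user entries, and the sample data are all assumptions, and the demo builds a constructed tree in a temporary directory so it runs without root.

```python
import os
import stat
import tempfile
from pathlib import Path

def audit(home_root, users, domain_gids):
    """users: (login, domain, primary_gid, home) tuples, as a directory lookup
    (e.g. LDAP via NSS) would return them. domain_gids: domain -> gid of that
    domain's group. Returns a list of findings; empty means the layout holds."""
    findings = []
    root = Path(home_root)
    for login, domain, gid, home in users:
        expected = root / domain / login
        if Path(home) != expected:
            findings.append(f"{login}@{domain}: home {home} is not {expected}")
        if gid != domain_gids.get(domain):
            findings.append(f"{login}@{domain}: primary gid {gid} is not the domain group")
    for domain, gid in domain_gids.items():
        d = root / domain
        st = d.stat()
        if st.st_gid != gid:
            findings.append(f"{d}: group-owned by gid {st.st_gid}, expected {gid}")
        if st.st_mode & stat.S_IRWXO:  # any r/w/x bit for "other" leaks across domains
            findings.append(f"{d}: open to other domains (mode {stat.S_IMODE(st.st_mode):o})")
    return findings

def demo():
    """Constructed sample: domain.com is set up correctly, foo.com is not."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        gids = {}
        for domain, mode in (("domain.com", 0o750), ("foo.com", 0o755)):
            d = root / domain
            (d / "larry").mkdir(parents=True)
            os.chmod(d, mode)
            # Without root we cannot chgrp to distinct groups, so the sample
            # takes whatever gid the directory actually received.
            gids[domain] = d.stat().st_gid
        users = [
            ("larry", "domain.com", gids["domain.com"], str(root / "domain.com" / "larry")),
            ("larry", "foo.com", gids["foo.com"], str(root / "larry-foo-com")),  # wrong path
        ]
        return audit(root, users, gids)

if __name__ == "__main__":
    for line in demo():
        print(line)
```

On a real host, the user tuples would come from the directory itself and `home_root` would be /home; each domain group needs its own gid for the group-ownership check to be meaningful.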



