Date: Wed, 12 Aug 1998 16:53:05 +1000 (EST)
From: "Daniel O'Callaghan" <danny@hilink.com.au>
To: Scot Elliott <scot@planet-three.com>
Cc: John Prince <johnp@lodgenet.com>, freebsd-isp@FreeBSD.ORG, johnp@vwebpage.com
Subject: Re: Virtual Server
Message-ID: <Pine.BSF.3.96.980812164414.22620B-100000@enya.hilink.com.au>
In-Reply-To: <Pine.BSF.4.00.9808081222510.1480-100000@tweetie.online.barbour-index.co.uk>
On Sat, 8 Aug 1998, Scot Elliott wrote:

> I've been thinking about this recently too.  My conclusion is that
> something like xinetd (see ports) which allows addresses to be bound to is
> the way to go.  Run multiple xinetd processes, one for each domain - each
> one chrooted to the domain root.  Make sure each service in each file only
> binds to the correct address.  Then, telnet/ftp etc connections will also
> be restricted to that root.
>
> Comments anyone?

I found it fairly easy to hack inetd to force a chroot to the result of

sprintf("/chrootdir/%s", inet_ntoa(socketaddr));

Thus a single inetd will chroot to /chrootdir/192.168.1.* as appropriate.

For the main IP of the machine, symlink /chrootdir/a.b.c.d -> /

For the system binaries, you can copy them (lots of disk needed),
hardlink them, or NFS mount localhost:/template/system /chrootdir/a.b.c.e/system
symlink chrootdir/a.b.c.e/bin -> system/bin
etc

Danny

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
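
The per-address chroot described in the message above, as an added example that is not part of the original e-mail or of inetd's source. It assumes the address is the local one the connection arrived on (taken from getsockname), uses inet_ntop and snprintf in place of inet_ntoa and sprintf, and the helper names and the uid/gid parameters are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* exposes chroot() in strict -std= builds */
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CHROOT_BASE "/chrootdir"   /* base directory named in the message */

/* Build "<CHROOT_BASE>/<dotted quad>" for an IPv4 address.
 * Returns 0 on success, -1 on a non-IPv4 address or a buffer that is too small. */
int jail_path_for_addr(const struct sockaddr_in *local, char *out, size_t outlen)
{
    char ip[INET_ADDRSTRLEN];
    int n;

    if (local->sin_family != AF_INET)
        return -1;
    /* inet_ntop writes into our buffer; inet_ntoa returns a shared static one */
    if (inet_ntop(AF_INET, &local->sin_addr, ip, sizeof ip) == NULL)
        return -1;
    n = snprintf(out, outlen, "%s/%s", CHROOT_BASE, ip);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hypothetical helper: confine the calling process (the forked child that
 * will exec the service) to the jail for the address the client connected to.
 * Must run as root; uid/gid are the service's configured unprivileged ids. */
int enter_jail_for_socket(int fd, uid_t uid, gid_t gid)
{
    struct sockaddr_in local;
    socklen_t len = sizeof local;
    char path[sizeof CHROOT_BASE + INET_ADDRSTRLEN];
    /* getsockname gives the local (virtual host) address, not the peer's */
    if (getsockname(fd, (struct sockaddr *)&local, &len) != 0)
        return -1;
    if (jail_path_for_addr(&local, path, sizeof path) != 0)
        return -1;
    /* chdir after chroot so no working directory is left outside the jail */
    if (chroot(path) != 0 || chdir("/") != 0)
        return -1;
    /* give up root, group first: a root process can walk out of a chroot */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return 0;
}
```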