Date: Wed, 12 Aug 1998 16:53:05 +1000 (EST)
From: "Daniel O'Callaghan"
To: Scot Elliott
cc: John Prince, freebsd-isp@FreeBSD.ORG, johnp@vwebpage.com
Subject: Re: Virtual Server

On Sat, 8 Aug 1998, Scot Elliott wrote:

> I've been thinking about this recently too. My conclusion is that
> something like xinetd (see ports) which allows addresses to be bound to is
> the way to go. Run multiple xinetd processes, one for each domain - each
> one chrooted to the domain root. Make sure each service in each file only
> binds to the correct address. Then, telnet/ftp etc connections will also
> be restricted to that root.
>
> Comments anyone?

I found it fairly easy to hack inetd to force a chroot to the result of
sprintf("/chrootdir/%s", inet_ntoa(socketaddr));

Thus a single inetd will chroot to /chrootdir/192.168.1.* as appropriate.

For the main IP of the machine, symlink /chrootdir/a.b.c.d -> /

For the system binaries, you can copy them (lots of disk needed), hardlink
them, or NFS mount localhost:/template/system /chrootdir/a.b.c.e/system
symlink chrootdir/a.b.c.e/bin -> system/bin
etc

Danny
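
Added example, not part of the message above and not code from FreeBSD's inetd: a C sketch of the per-address chroot the reply describes, assuming "socketaddr" means the local address the connection arrived on (obtained with getsockname()). The function names and the uid/gid parameters are hypothetical; only the /chrootdir/<address> layout comes from the message.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes chroot()/setgroups() on glibc */
#endif
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Build "<base>/<dotted-quad>" for the local address of a connection.
 * Returns 0 on success, -1 on non-IPv4 input or a truncated path. */
int vhost_chroot_path(const struct sockaddr_in *local, const char *base,
                      char *out, size_t outlen)
{
    char ip[INET_ADDRSTRLEN];
    int n;

    if (local->sin_family != AF_INET)
        return -1;
    if (inet_ntop(AF_INET, &local->sin_addr, ip, sizeof ip) == NULL)
        return -1;
    n = snprintf(out, outlen, "%s/%s", base, ip); /* bounded, unlike sprintf */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Confine the caller to the tree for the address that accepted fd, then
 * give up root. Call as root in the child, before exec of the service. */
int vhost_enter_jail(int fd, const char *base, uid_t uid, gid_t gid)
{
    struct sockaddr_in local;
    socklen_t len = sizeof local;
    char path[128];

    memset(&local, 0, sizeof local);
    /* getsockname() returns the local (destination) address, not the peer. */
    if (getsockname(fd, (struct sockaddr *)&local, &len) != 0)
        return -1;
    if (vhost_chroot_path(&local, base, path, sizeof path) != 0)
        return -1;
    if (chroot(path) != 0 || chdir("/") != 0) /* chdir so cwd is inside */
        return -1;
    /* Groups first, then uid: a process that stays root can leave a chroot. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return 0;
}
```

Every failure path returns -1 so the caller can close the connection instead of running the service unconfined.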