From: Anish Mistry
To: freebsd-questions@freebsd.org
Cc: Michael Grant
Date: Tue, 9 May 2006 11:36:45 -0400
Subject: Re: jails or chroot?

On Tuesday 09 May 2006 08:24, Michael Grant wrote:
> I'll try to be more explicit on my requirements. I'm not worried
> about mail. I'm mostly worried about web. Each client has a web
> site with one or more domains. I currently offer them
> apache+php+mysql+mod_perl+mod_ssl. One of them needs java server
> pages, tomcat I think. Everyone gets access to their own logs and
> to geolizer (webalizer). Some clients would like shell access.
> Most clients write their web site using ftp. Certain ones need
> also the MS Front Page Extensions. Some clients want an ftp upload
> area. Ssl poses a special problem in that I need to allocate an ip
> address for those who have their own ssl certificate. It's pretty
> much all standard stuff.

I use suphp with apache in a mass hosting configuration for about 50
websites to take care of the php access issues. You'll need to set up
the ACLs correctly so there is no snooping. I then use scponly to
allow chrooted sftp access to their web directories. Webalizer logs
are automatically generated and placed in their chrooted directory for
download.

As for shell access I don't allow it. If people want easy command
line access I just tell them to use sshfs on FreeBSD or Linux. The
Windows and Mac users don't care about shell access.

For the Tomcat, Frontpage, and SSL users just set up jails for them.
With the inclusion of mergemaster -u subsequent base system upgrades
are much less painful. Using null mounts for the common areas should
lessen the version sync issues. Once unionfs is stable again, you
could just use one jail as a base image and allow the others to be
cloned off of that.

Hopefully some of the above helps you in your situation.

>
> But yes, I totally agree with you, it is an administration
> nightmare to set up separate jails and keep track of which has
> which version of what and so on. There must be an easier way to do
> this. Some of you folks who run hosting sites, how do you manage
> large numbers of clients?
>
> Michael Grant
>
> On 5/9/06, Subhro wrote:
> > On 5/9/06, Michael Grant wrote:
> > > I host a bunch of websites on my box. Recently I had some
> > > problems with file access problems with php which caused me to
> > > look into putting each of my clients into their own jail or
> > > chroot. I have roughly 100 different domains I'd need to
> > > split.
> >
> > I won't be doing this even if someone pays me twice for doing it.
> > This is going to create a HELL lot of problems later on,
> > especially during upgrades.
> >
> > BTW can you tell us your exact requirements?
> >
> > Thanks and Best Regards
> > Subhro
> >
> > --
> > Subhro Kar
> > Security Engineer
> > iViZ Techno Solutions Pvt. Ltd.
> > eRevMax House, 1st Floor
> > Plot XI-16, Sector V
> > Salt Lake City
> > 700091
> > India

-- 
Anish Mistry
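
An added example, not part of the original message or of any project it names: a POSIX shell audit for the "no snooping" requirement in a suPHP mass-hosting tree. It assumes a hypothetical layout of ROOT/<site>/, each directory owned by that site's user with the web server as group and mode 0750; the function name and finding labels are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit a mass-hosting tree for permissions that let one
# local user read or alter another client's site.
# Assumed (hypothetical) layout: ROOT/<site>/ owned by the site's user,
# group = web server, mode 0750, so "other" has no access at all.

# audit_docroots ROOT
# Prints "<finding> <path>" lines; returns 1 if there is any finding.
audit_docroots() {
    root=$1
    out=$(
        for site in "$root"/*/; do
            site=${site%/}
            # Skip the unexpanded glob and symlinked entries.
            if [ ! -d "$site" ] || [ -L "$site" ]; then continue; fi
            # 1. The site directory itself grants r, w or x to "other".
            find "$site" -prune \( -perm -001 -o -perm -002 -o -perm -004 \) \
                -exec echo "other-access" {} \;
            # 2. Anything inside that every local user could modify.
            find "$site" -mindepth 1 ! -type l -perm -002 \
                -exec echo "world-writable" {} \;
            # 3. Entries not owned by the site owner. suPHP runs a script
            #    as its file owner, so these would run as the wrong user.
            uid=$(ls -ldn "$site" | awk '{print $3}')
            find "$site" -mindepth 1 ! -user "$uid" \
                -exec echo "foreign-owner" {} \;
        done
    )
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"
    return 1
}
```

Run it from cron against the hosting root and alert on a non-zero exit status.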