Date: Tue, 9 May 2006 11:36:45 -0400
From: Anish Mistry <mistry.7@osu.edu>
To: freebsd-questions@freebsd.org
Cc: Michael Grant <mgrant@grant.org>
Subject: Re: jails or chroot?
Message-ID: <200605091136.52611.mistry.7@osu.edu>
In-Reply-To: <62b856460605090524m11ed2afxda3ee0841f7db62f@mail.gmail.com>
References: <62b856460605090453o24f7de34ka71fffa392bfdedb@mail.gmail.com> <b2807d040605090458o6c53d829ic066c1c78f320356@mail.gmail.com> <62b856460605090524m11ed2afxda3ee0841f7db62f@mail.gmail.com>

On Tuesday 09 May 2006 08:24, Michael Grant wrote:
> I'll try to be more explicit on my requirements. I'm not worried
> about mail. I'm mostly worried about web. Each client has a web
> site with one or more domains. I currently offer them
> apache+php+mysql+mod_perl+mod_ssl. One of them needs java server
> pages, tomcat I think. Everyone gets access to their own logs and
> to geolizer (webalizer). Some clients would like shell access.
> Most clients write their web site using ftp. Certain ones need
> also the MS Front Page Extensions. Some clients want an ftp upload
> area. Ssl poses a special problem in that I need to allocate an ip
> address for those who have their own ssl certificate. It's pretty
> much all standard stuff.

I use suphp with apache in a mass hosting configuration for about 50
websites to take care of the php access issues. You'll need to set up
the ACLs correctly so there is no snooping. I then use scponly to
allow chrooted sftp access to their web directories. Webalizer logs
are automatically generated and placed in their chrooted directory for
download.

As for shell access I don't allow it. If people want easy command
line access I just tell them to use sshfs on FreeBSD or Linux. The
Windows and Mac users don't care about shell access.

For the Tomcat, Frontpage, and SSL users just set up jails for them.
With the inclusion of mergemaster -u subsequent base system upgrades
are much less painful. Using null mounts for the common areas should
lessen the version sync issues. Once unionfs is stable again, you
could just use one jail as a base image and allow the others to be
cloned off of that.

Hopefully some of the above helps you in your situation.

>
> But yes, I totally agree with you, it is an administration
> nightmare to set up separate jails and keep track of which has
> which version of what and so on. There must be an easier way to do
> this. Some of you folks who run hosting sites, how do you manage
> large numbers of clients?
>
> Michael Grant
>
> On 5/9/06, Subhro <subhro.kar@gmail.com> wrote:
> > On 5/9/06, Michael Grant <mg-fbsd3@grant.org> wrote:
> > > I host a bunch of websites on my box. Recently I had some
> > > problems with file access problems with php which caused me to
> > > look into putting each of my clients into their own jail or
> > > chroot. I have roughly 100 different domains I'd need to
> > > split.
> >
> > I won't be doing this even if someone pays me twice for doing it.
> > This is going to create a HELL lot of problems later on,
> > especially during upgrades.
> >
> > BTW can you tell us your exact requirements?
> >
> > Thanks and Best Regards
> > Subhro
> >
> > --
> > Subhro Kar
> > Security Engineer
> > iViZ Techno Solutions Pvt. Ltd.
> > eRevMax House, 1st Floor
> > Plot XI-16, Sector V
> > Salt Lake City
> > 700091
> > India
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"

--
Anish Mistry
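
The "set up the ACLs correctly so there is no snooping" step in the message above can be checked mechanically. The following shell function is an added example, not part of the original message or thread; the directory layout (BASE/<client>/ as one client's web root, with the web server admitted by group or ACL) and the finding labels are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumed (hypothetical) layout: BASE/<client>/ is one client's web root,
# owned by that client, with the web server admitted by group or ACL only.

# audit_docroots BASE
# Prints one finding per line; returns 1 if any finding was printed.
audit_docroots() {
    base=$1
    found=0
    for root in "$base"/*/; do
        [ -d "$root" ] || continue
        root=${root%/}
        # Numeric owner of the web root: third field of `ls -ldn`.
        owner=$(ls -ldn "$root" | awk '{print $3}')

        # 1. Any "other" permission bit on the root lets every local
        #    account, including other clients' scripts, list or enter it.
        open=$(find "$root" -maxdepth 0 \
                   \( -perm -004 -o -perm -002 -o -perm -001 \))
        if [ -n "$open" ]; then
            echo "OPEN-ROOT $root"
            found=1
        fi

        # 2. World-writable files or directories below the root.
        # 3. Entries not owned by the root's owner. suPHP runs a script as
        #    the script file's owner, so these would execute as another user.
        below=$(
            find "$root" -mindepth 1 \( -type f -o -type d \) -perm -002 \
                -exec echo WORLD-WRITABLE {} \;
            find "$root" -mindepth 1 ! -user "$owner" \
                -exec echo FOREIGN-OWNER {} \;
        )
        if [ -n "$below" ]; then
            echo "$below"
            found=1
        fi
    done
    return "$found"
}
```

Run it against the directory that holds the client web roots, for example from cron, and treat a non-zero return as a configuration regression.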