newbie vserver/auth question.
robert at linuxfromscratch.org
Mon Mar 28 07:10:14 PST 2005
On March 27, 2005 12:15 pm, Japie wrote:
> After some suxsesfull lfs builds whereoff one is my server wich is in the
> air now for 1.5 year without being hacked, I'am going to replace it with
> am ppc based server and since it's the only ppc in the house I realle not
> want that machine to be hacked.
> So I read the hlfs book and it looks promising but still some questions
> remains, doo they seem to be more bhlfs related.
> First problem is, will I build and use servers (apache, postfix, samba)
> the normal way (chrooted if possible, else yust as they are) or will I use
> vserver? (I never used it, but yust read the page and it sounds promising
> and safe)
> Since I'am not really into security I was hoping to get some feedback
> about this here.
> Is vserver really a solution?
I've never used vserver. There's a few homepages for it so I'm not sure if
they are all for the same thing. It looks alright. It looks like a user
chroot environment with firewall integration.
It's best to have services that handle virtual users. I think cvs can do this,
I'm not sure if apache can. Most services rely on unix permissions, for user
read/write rights. If the service can handle this itself, then the user has
much less access to the system while still being able to do what they need to
do. The service would need some database to handle this, services like apache
don't, but they could in theory.
The main short-coming with normal chroot's is that the users inside them are
still real and have real user accounts.
I'm not very familiar with LDAP and PAM, so I don't know how to comment on
More information about the hlfs-dev