newbie vserver/auth question.

Robert Connolly robert at linuxfromscratch.org
Mon Mar 28 07:10:14 PST 2005


On March 27, 2005 12:15 pm, Japie wrote:
> Hello,
>
> Introduction:
> After some suxsesfull lfs builds whereoff one is my server wich is in the
> air now for 1.5 year without being hacked, I'am going to replace it with
> am ppc based server and since it's the only ppc in the house I realle not
> want that machine to be hacked.
>
> So I read the hlfs book and it looks promising but still some questions
> remains, doo they seem to be more bhlfs related.
>
> First problem is, will I build and use servers (apache, postfix, samba)
> the normal way (chrooted if possible, else yust as they are) or will I use
> vserver? (I never used it, but yust read the page and it sounds promising
> and safe)
> Since I'am not really into security I was hoping to get some feedback
> about this here.
> Is vserver really a solution?

I've never used vserver. There's a few homepages for it so I'm not sure if 
they are all for the same thing. It looks alright. It looks like a user 
chroot environment with firewall integration.

It's best to have services that handle virtual users. I think cvs can do this, 
I'm not sure if apache can. Most services rely on unix permissions, for user 
read/write rights. If the service can handle this itself, then the user has 
much less access to the system while still being able to do what they need to 
do. The service would need some database to handle this, services like apache 
don't, but they could in theory.

The main short-coming with normal chroot's is that the users inside them are 
still real and have real user accounts.

I'm not very familiar with LDAP and PAM, so I don't know how to comment on 
them.

robert



More information about the hlfs-dev mailing list