From: klavs klavsen (kl_at_vsen.dk)
Date: Fri 15 Feb 2002 - 13:33:41 GMT
On Fri, 2002-02-15 at 14:06, Vlad wrote:
> That was bad wording on my part; I was talking about basis for vserver,
> not chroot. You are right, you can chroot bind easily
> (http://www.linux.org/docs/ldp/howto/Chroot-BIND8-HOWTO.html) but that
> requires hacking the source a bit.
> The reason it works for bastille is because they chroot bind, they
> don't create a separate server for it. So in order to allow someone to
> administer the service you have to give them an account on the root
> server.. and there is no way to use that to run multiple name servers on
> the same machine, just makes sure that if your bind gets hacked they don't
> get rootshell.
Yup. And that's what I wanted under each vserver (with a separate IP for
each vserver).. so that when I have my 6 vservers, each service on the
vserver is protected against holes in the other services.. and I don't
want to run 1 service on each vserver. :-(
> I don't understand what you mean by binding chroot to a
> port... but it doesn't sound pretty..
--
Regards,
Klavs Klavsen

-------------| This mail has been sent to you by: |------------
Klavs Klavsen - OpenSource Consultant
kl_at_vsen.dk - http://www.vsen.dk

Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA
Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA

--------------------[ I believe that... ]-----------------------
It is a myth that people resist change. People resist what other
people make them do, not what they themselves choose to do...
That's why companies that innovate successfully year after year
seek their people's ideas, let them initiate new projects and
encourage more experiments.
-- Rosabeth Moss Kanter