From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Wed 04 May 2005 - 23:42:13 BST
On Wed, May 04, 2005 at 07:42:38PM +0200, Arjen wrote:
> On 4/5/05 5:02 pm, "Herbert Poetzl" <herbert_at_13thfloor.at> wrote:
> > On Wed, May 04, 2005 at 02:32:59PM +0200, Arjen wrote:
> >> On Wed, 4 May 2005, Herbert Poetzl wrote:
> >>> On Tue, May 03, 2005 at 06:24:11PM +0200, Arjen wrote:
> >>>> ssh. Ever tried to ssh from one vserver to another vserver? Or started a
> >>>> screen session inside a vserver? I think the problem has something to do
> >>> hmm, did you verify that your user is in the 'tty' group?
> >> Ok, i've got things working, ssh by adding it to the tty group and screen
> >> by making it sgid. But, again, i don't think this is the real solution, in
> >> my host a normal user doesn't need to be in the tty group to be able to
> >> ssh, or screen doesn't need the sgid bit set to work in the host.
> > well, hey this is a security feature, feel free to change
> > the permissions of the pts mount to use insecure rw for
> > all ... sgid for screen should not be required, if your
> > user is in the tty group ...
> > (check with changing the tty with chmod a+rw /dev/tty* )
> Aha, ok, sorry for my lack of knowledge here, but I assumed the environment
> should be the same as in the host. Logical question, is it 'normal' that the
> host has a+rw and the guests don't?
guess it really depends on the security level of the host
(i.e. if your security is tighter, you will put more things
into specific groups like tty, cdwrite, ...)
> >>>> with /dev/tty*,
> >>>> crw-rw---- 1 root tty 5, 0 Mar 4 14:39 /dev/tty (inside the vserver)
> >>>> Compare it with /dev/tty in the host,
> >>>> crw-rw-rw- 1 root tty 5, 0 May 1 22:32 /dev/tty (in the host)
> >> I'm running Gentoo, 22.214.171.124-grsec-vs1.9.5 on an amd64,
> >> util-vserver-0.30.204.
> > be careful to use 64bit userspace for the tools, and
> > a nicely patched up dietlibc ...
> > (unless you are running it with a 32bit kernel ;)
> ATM I'm happily running 3 to 5 vservers, 3 of them replaced 2 actual
> computers! Much less noise ;) and I could finally separate things. It's
> running in a (I'm not sure if this is gentoo specific) multilib environment,
> not pure 64bit but it all looks pretty solid, no real problems, the vservers
> are doing their work nicely. IOW thanx guys! :)
Vserver mailing list
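
The difference between the two /dev/tty listings quoted in this thread, worked through as an added example (not part of the original message or of util-vserver): the shell function below applies the standard owner/group/other permission check to an `ls -l` line, showing why tty group membership matters in the guest but not on the host. The function name `tty_access`, the user `alice` and her group lists are constructed for the illustration.

```shell
#!/bin/sh
# Added example: decide who may open a tty node for read/write, given the
# `ls -l` line for it. tty_access, alice and her group lists are constructed.

# tty_access LISTING USER "GROUP1 GROUP2 ..."
tty_access() {
    listing=$1 user=$2 groups=$3
    # ls -l fields: mode, link count, owner, group, then the rest.
    read -r mode links owner group rest <<EOF
$listing
EOF
    case $mode in
        c*) ;;
        *) echo "not a character device"; return 0 ;;
    esac
    # The kernel picks exactly one class: owner first, then group, then other.
    if [ "$user" = "$owner" ]; then
        class=owner; bits=$(printf '%s' "$mode" | cut -c2-3)
    else
        case " $groups " in
            *" $group "*) class=group; bits=$(printf '%s' "$mode" | cut -c5-6) ;;
            *)            class=other; bits=$(printf '%s' "$mode" | cut -c8-9) ;;
        esac
    fi
    if [ "$bits" = rw ]; then
        echo "rw via $class"
    else
        echo "denied ($class bits: $bits)"
    fi
}

# The two listings quoted in the thread.
guest='crw-rw---- 1 root tty 5, 0 Mar 4 14:39 /dev/tty'
host='crw-rw-rw- 1 root tty 5, 0 May 1 22:32 /dev/tty'

echo "guest, alice not in tty: $(tty_access "$guest" alice "users")"
echo "guest, alice in tty:     $(tty_access "$guest" alice "users tty")"
echo "host,  alice not in tty: $(tty_access "$host" alice "users")"
```

On a live system the same check can be fed the output of `ls -l /dev/tty` and `id -Gn` for the user in question.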