thespis

Linux w/ Apache - Bind / chroot idea - need fast help!

I am running a dedicated web server w/ Linux & Apache.  I am trying to set up a way to give each IP address on my box their own minimal version of files such as httpd.conf, passwd, etc. so that each IP is, for the MOST part, its own entity, even if it shares the hard drive with 20 others.

My initial idea is to somehow bind each service to a single IP and have any login services chrooted before they check the passwd file.

Apache should be easily configurable by setting the BindAddress option in the httpd.conf to an IP.

I am looking for someone who can help me set this up pronto... If the points aren't enough, web hosting or website submission services are easily available for compensation....

Please contact via email if you have the time to help me set this up... I need something working right away!

Terrence R. Williams
Virtual Magic Technologies
gunny051499

i recommend you not to set ANY webserver up with real logins! this is the worst security hole you may create.

as for logins it is not possible on a standard unix system to have what you'd like. it *could be* possible on bigger systems, which will let you run multiple os's (unix's).

i know of no case, where this would be useful. perhaps if you could tell us what your intentions/requirements are, it would be easier to suggest other solutions.

if you want to let different *ftp-users* see only their home directory as root, this is possible, as you will know.

as for apache, you are right. you may either use BindAddress for multiple webservers or VirtualHost for a single webserver.
thespis

ASKER

The goal is to let each IP'd host set their own httpd.conf, their own passwd, etc.  The application is web hosting.  We have a dedicated Linux box w/ 8GB hard drive.  To allow only 1 person on the entire hard drive to have the POP address "webmaster" would be entirely too hard to explain to customers who want things their way.

As for impossible, I don't believe that.  My previous host had a Linux box running in this fashion.  I had a set of system files in my partition.  There were no conflicts between myself and other groups on the hard drive.

I just don't know how they did it....
well, if it is simply to set up the following:

- a web site for a customer
- guarantee this customer ftp access to, and only to, HIS web-files (without even seeing the others). this includes giving each a different login w/ password
- give each customer its own "webmaster" (note: they must have different domains, ie. webmaster@customer1.com and webmaster@customer2.com)
- change everything so that the customer does not get in contact/confusion with others on the same system

this is what most webproviders (as we) do. this is not a problem and we (I) will tell you everything you need to do. but as for the point to give each user "its own passwd and system files" it is not possible on a "standard" unix system. i'm not talking about it to be impossible (even if there is still no reason to do so).
if you want to set up multiple hosts like

www.customer1.com
www.customer2.com
...

on the same machine, along with

webmaster@customer1.com
webmaster@customer2.com
...

there is no problem
Well, I think I can see the utility in doing this...the howto may be a bit more difficult though.  A wrapper for telnet (or whatever else you allow them to login with) that checks the incoming IP address and does the chroot before actually handing the connection over to the requested daemon might work.  Might be able to run multiple chrooted Apaches too...this would allow individual configurations...
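The wrapper idea from the reply above, as an added example that is not code from the thread: an inetd-style C wrapper that reads the local IP the connection arrived on, chroots into that IP's tree and then execs the real daemon. The `ipjail` name, the IP-to-directory table and all paths are hypothetical, and "incoming IP" is assumed to mean the server-side address.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* expose chroot() on glibc */
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed sample table: local IP -> per-customer root (hypothetical). */
struct jail { const char *ip, *root; };
static const struct jail JAILS[] = {
    { "192.0.2.10", "/jails/customer1" },
    { "192.0.2.11", "/jails/customer2" },
};

/* Return the jail root for a local IPv4 address, or NULL if unknown. */
const char *jail_for_ip(const char *ip)
{
    for (size_t i = 0; i < sizeof JAILS / sizeof JAILS[0]; i++)
        if (strcmp(JAILS[i].ip, ip) == 0)
            return JAILS[i].root;
    return NULL;
}

/* Write the local (server-side) IPv4 address of socket fd into buf. */
int local_ip_of(int fd, char *buf, size_t len)
{
    struct sockaddr_in sa;
    socklen_t sl = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &sl) != 0 || sa.sin_family != AF_INET)
        return -1;               /* not a socket, or not IPv4 */
    return inet_ntop(AF_INET, &sa.sin_addr, buf, len) ? 0 : -1;
}

/* inetd hands the connection over on fd 0: ipjail /usr/sbin/in.ftpd in.ftpd */
int main(int argc, char **argv)
{
    char ip[INET_ADDRSTRLEN];
    const char *root;
    if (argc < 3 || local_ip_of(0, ip, sizeof ip) != 0 || !(root = jail_for_ip(ip)))
        return 1;                /* fail closed: unknown IP gets no service */
    /* chroot() needs root; chdir("/") keeps the cwd inside the new root. */
    if (chroot(root) != 0 || chdir("/") != 0)
        return 1;
    execv(argv[1], argv + 2);    /* path is resolved inside the jail */
    return 1;                    /* only reached if execv failed */
}
```

Each jail needs its own copy of the daemon binary, its libraries and its `etc/passwd`, and the daemon should drop root once started, because chroot does not confine a process that stays root.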
ASKER CERTIFIED SOLUTION
lavatech
