I would suggest www.freevsd.org, because what you need is complete
compartmentalization.
F?lix C.Courtemanche ([EMAIL PROTECTED]) was saying:
> Hello,
>
> I couldn't find any occurance of this question in the archives, but if it
> does exists, please forward me to it.
>
> I have been working on a set of Administration Tools for commercial web
> hosting companies for quite some times. Lately I have been trying to figure
> out the MOST secure way to host multiple accounts on the same server, with
> mod_perl enabled AS FAST AS POSSIBLE.
>
> In the best world, I would have the possibility of:
> - Restricting the opened files by any .pl script to the user's base
> directory.
> - Allowing custom shell commands or not
> - Setting a maximum execution time for a script
>
> The first directive would be used to prevent anyone from reading the source
> of another program, wich would allow someone to grab the sensitive data
> stored in configuration files, such as Database Passwords, etc. It is the
> MOST important of all and I really must find a solution. I previously saw
> some perl wrapper that would only allow files owned by the script's owner to
> be read. However, that wrapper greatly reduced the execution speed of .pl
> and it was not that effective. Any suggestions?
>
> The second directive would allow me to specify wether or not a user can run
> commands that would be passed as shell OR specify what paths are available
> (only /usr/bin for example)
>
> Finally, the third directive would allow me to kill any script running for
> too long or using too much CPU.
>
> I understand that there is probably no tool to do all of it, but if I can
> gather the tools to make it as effective as possible, it would be really
> usefull for me and others.
>
> Please don't tell me to monitor the user's scripts, since that is almost
> impossible to do when you have more than 10 sites to monitor, wich will
> happen quickly :)
>
> Any other tips and tricks to improve the security of mod_perl is greatly
> appreciated as well.
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Félix C.Courtemanche . Head Designer
> Co-Administrator . Can-Host Networks
> http://www.can-host.com
> [EMAIL PROTECTED]
>
>
--
[EMAIL PROTECTED]
"With pain comes clarity."
