pete wrote:
[snip]
>>> Other part of this message I would like to ask about chroot
>>> capabilities inside peruser. Is anyone using this feature in production?
>>> I try it quickly but it of course want /bin /etc so on.
>>> Anybody have good list about files it needs?
>>
>> You can just add a base install; that will have all files it wants at
>> least. And without sensitive data.
>> Note that you might also want to install php (etc) to that chroot,
>> because it depends on its own libs ;)
>
> Yea. But this environment is shared-web-hosting and everyone has quota.
> So if I install everyone base-install I'm going to lose about 25GB disc
> space, right? Not an option :)
> And nope. I don't want to install PHP and so on to every customer.

You can hardlink the base for all customers, or use unionfs and/or nullfs.

>>> Sites actually working good, but it need at least /etc/hosts.
>>
>> I think it want /etc/resolv.conf even more ;)
>
> Tested before first message. Don't do the trick. I read somewhere that it
> need some library.

>>> And it looks like it does not support DNS at all. I guess it need some
>>> shared lib?
>>> Is there any way to go around mysqld.sock errors.
>>> that sock of course is in /var/run/mysql and after chroot user has no
>>> right to go outside chroot. I could do hard-link, but every time I reboot
>>> apache I needed to do that hard-link again. Not an option :/
>>
>> Can't you add the hardlink commands to the mysqld (not apache ;))
>> startup scripts ?
>
> Typo there :) Sure I can, but dude. There's about 200-250 customers /
> server.

You also have to create 250 dirs to chroot them in, you also need to have
all base files 250x in there. You also need to run a few apache processes
in every chroot for every customer. You might even need 250, or even
better: 500 (unionfs and nullfs) mounts. That argument really sucks.

> Besides that, it's kind of sound like noob system..
> I'll give you a few beers if you can solve it without doing anything 250 times.

-- Jille

> Regards,
> Pete
>
> _______________________________________________
> Peruser mailing list
> [email protected]
> http://www.telana.com/mailman/listinfo/peruser
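
The per-customer nullfs mounts discussed in this message, sketched as an added example that is not part of the original thread or of peruser: a POSIX sh function that prints fstab entries for one shared read-only base plus the MySQL socket directory in each chroot. It assumes FreeBSD nullfs; the paths `/usr/chroot-base` and `/home/chroot` and the function names are hypothetical, and the base tree is assumed to contain an empty `var/run/mysql` directory to mount onto.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: one shared base tree,
# one chroot directory per customer under CHROOT_ROOT (hypothetical paths).
BASE=${BASE:-/usr/chroot-base}
CHROOT_ROOT=${CHROOT_ROOT:-/home/chroot}
MYSQL_RUN=${MYSQL_RUN:-/var/run/mysql}   # socket directory named in the thread

# valid_name: accept only plain account names, so a name such as "../etc"
# can never steer a mount point outside CHROOT_ROOT.
valid_name() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# gen_fstab: read customer names on stdin and print two nullfs fstab lines
# per customer. The base is mounted read-only, so customers share one copy
# and cannot modify it. The socket *directory* is mounted rather than the
# socket file, so a socket recreated on mysqld restart stays visible;
# permissions on the real directory still apply inside the chroot.
gen_fstab() {
    while IFS= read -r cust; do
        if ! valid_name "$cust"; then
            echo "skipping invalid customer name: $cust" >&2
            continue
        fi
        root="$CHROOT_ROOT/$cust"
        # Order matters: the base must be mounted before the directory inside it.
        printf '%s\t%s\tnullfs\tro\t0\t0\n' "$BASE" "$root"
        printf '%s\t%s\tnullfs\trw\t0\t0\n' "$MYSQL_RUN" "$root$MYSQL_RUN"
    done
}

# Constructed demo input; run the script with --demo to see the output.
[ "${1:-}" = "--demo" ] && printf 'alice\nbob\n' | gen_fstab
```

This still produces two mounts per customer, the 500 mentioned above, but they are generated from the customer list in one pass.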
