Hello,
I would like to have users on a zone, but we use pidentd to control some
network connections.
It seems that pidentd does not work on zones as it can't open kmem.
Is there any way to make it work?
f.g.
[EMAIL PROTECTED] writes:
> I would like to have users on a zone, but we use pidentd to control some
> network connections.
> It seems that pidentd does not work on zones as it can't open kmem.
>
> Is there any way to make it work?
Essentially, no.
Opening /dev/kmem in the zone wouldn't be a
James Carlson <[EMAIL PROTECTED]>
> Cc: zones-discuss@opensolaris.org
> Date: Fri, 04 May 2007 07:04:14 EDT
> Subject: Re: [zones-discuss] pidentd
>[EMAIL PROTECTED] writes:
>> I would like to have users on a zone, but we use pidentd to control some
>> network connections.
>> It seems that piden
>
>That's a real pain as that prevents us from using zones as hosting servers for
>users:
>- we are a school and we just want to identify connections. Starting with mail
>sending.
>Zones would break our identification model.
>It would be real nice if some solution could be found.
I've done some
[EMAIL PROTECTED] writes:
> I've done some work on pidentd prior to the new IP instances code using the
> ability to intercept calls for all zones in the global zone with the
> SO_ALLZONES socket option (which may not work anymore after the IP
> instances putback)
Nifty!
Not sure about the socke
>Not sure about the socket option (should still work ... ?), but IP
>Instances did nuke the symbols that pidentd was reading out of the
>kernel, so that utility is now broken.
I also have no idea about that option and how it is affected by the
IP instances project. I am assuming it is now "per-
[EMAIL PROTECTED] writes:
> >I'd sort of like to know how it does that reliably ... does it fork
> >and enter the zone?
>
> It does not resolve names local to the local zones; but it can easily
> find all the appropriate uids and processes. No different from traditional
> Solaris with multiple in
>[EMAIL PROTECTED] writes:
>> >I'd sort of like to know how it does that reliably ... does it fork
>> >and enter the zone?
>>
>> It does not resolve names local to the local zones; but it can easily
>> find all the appropriate uids and processes. No different from traditional
>> Solaris with mul
Hi Bernd,
That is interesting, both in good and bad ways.
That method weakens the security of the system.
For example, if the global zone's root user has /usr/local in its $PATH, a
non-global zone root user could insert a trojan horse into an existing script
or program in /usr/local.
This a
Jeff,
If there is a link pointing from /usr/local to /_usr_local, this link will be
present in each zone and pointing to directory _usr_local in the / file system
of that zone only.
Example: After logging in to local zone z_01 (with zonepath /zone/z_01) and
creating a file /usr/local/test1,
Oh. I thought that pidentd was supposed to resolve UIDs locally.
That's one of the features of the protocol; it provides "here's who
*I* think the user is" information back to the requester.
Of course, that's why I thought IDENT was a fairly bogus mechanism
since you're asking the remote system
>> Oh. I thought that pidentd was supposed to resolve UIDs locally.
>> That's one of the features of the protocol; it provides "here's who
>> *I* think the user is" information back to the requester.
>
>Of course, that's why I thought IDENT was a fairly bogus mechanism
>since you're asking the rem
[EMAIL PROTECTED] writes:
> > Oh. I thought that pidentd was supposed to resolve UIDs locally.
> > That's one of the features of the protocol; it provides "here's who
> > *I* think the user is" information back to the requester.
>
> Of course, that's why I thought IDENT was a fairly bogus mechanis
On 4 May 07 at 19:34, [EMAIL PROTECTED] wrote:
Oh. I thought that pidentd was supposed to resolve UIDs locally.
That's one of the features of the protocol; it provides "here's who
*I* think the user is" information back to the requester.
Of course, that's why I thought IDENT was a fairly
Hi All, I have a problem in that my application needs to write things to the
/usr/lib/* directories. However, on the Zone, it's READ ONLY.
Is there any way I can make the /usr/lib/* a normal rwx directory?
Thank you for your help.
SB
James Carlson wrote:
[EMAIL PROTECTED] writes:
I would like to have users on a zone, but we use pidentd to control some
network connections.
It seems that pidentd does not work on zones as it can't open kmem.
Is there any way to make it work?
Essentially, no.
Opening /dev/kmem in the zone
Hello,
Can someone shed some light on pros/cons on various ways of mounting a file
system onto local zone? I believe there are four different ways to mount a
device/file system on local zone as per the below url, but it is not very clear
how they are different.
http://www.sun.com/bigadmin/fea
You need a "Whole Root Zone" (no sharing) instead of a "Sparse Root Zone"...
I think you can control the sharing between the global zone and the
non-global zone by setting "inherit-pkg-dir":
http://www.solarisinternals.com/wiki/index.php/Zones
Rayson
On 5/4/07, Jazz Geek <[EMAIL PROTE
18 matches