<div dir="ltr"><div class="gmail_default" style="font-family:courier new,monospace">Lemme know when you do that, I might be able to lend assistance. There is plenty of documentation online for working with Zones, and while I'm not an expert with it, I'll help you out. :)</div>

</div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><font face="courier new, monospace">" ' With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and warning... The first time any man's freedom is trodden on we’re all damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG episode "The Drumhead"<br>

- Alex Smith<br>- Dulles Technology Corridor (Chantilly/Ashburn/Dulles), Virginia USA</font></div></div>
<br><br><div class="gmail_quote">On Mon, Mar 17, 2014 at 1:35 PM, William Roush <span dir="ltr"><<a href="mailto:william.roush@roushtech.net" target="_blank">william.roush@roushtech.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>I really need to brush up on running a
      UIless Solaris box, we got a Nexenta system at work and I'm
      tempted to run with an Illumos system in my homelab when I get
      around to doing that...<div class=""><br>
      <pre cols="72">William Roush
<a href="mailto:william.roush@roushtech.net" target="_blank">william.roush@roushtech.net</a>
<a href="tel:423-463-0592" value="+14234630592" target="_blank">423-463-0592</a>

<a href="http://www.roushtech.net/blog/" target="_blank">http://www.roushtech.net/blog/</a>


</pre></div><div><div class="h5">
      On 3/17/2014 11:44 AM, Alex Smith (K4RNT) wrote:<br>
    </div></div></div><div><div class="h5">
    <blockquote type="cite">
      <div dir="ltr">
        <div class="gmail_default" style="font-family:courier new,monospace">I'd just use Solaris Zones, it creates a
          completely compartmentalized operating system zone, so that
          even if someone *does* manage to compromise the account
          through... say a buggy version of WordPress, the rest of the
          system, and other users, would not be compromised.</div>
        <div class="gmail_default" style="font-family:courier new,monospace"><br>
        </div>
        <div class="gmail_default" style="font-family:courier new,monospace">This feature is also available on the Illumos
          (nee OpenSolaris) distributions, including OmniOS, SmartOS,
          OpenIndiana, OpenSXCE, Martux, Nexenta, etc.</div>
        <div class="gmail_default" style="font-family:courier new,monospace"><br>
        </div>
      </div>
      <div class="gmail_extra"><br clear="all">
        <div class="gmail_quote">On Mon, Mar 17, 2014 at 11:31 AM,
          Benjamin Stewart <span dir="ltr"><<a href="mailto:stewartbenjamin@gmail.com" target="_blank">stewartbenjamin@gmail.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">
              <div>>From my experience, anyway, you
                basically have to create an entire mini-Linux system in
                the chroot in order to provide the functionality for
                users to be able to login (SSH binaries and their
                dependencies, etc....).<br>
                <br>
              </div>
              One technique I've heard of (but haven't tried) is to
              create one "mini-Linux" master directory, and then link to
              it for each jail. That way there's only one place to
              update. <br>
            </div>
            <div class="gmail_extra">
              <div>
                <div><br>
                  <br>
                  <div class="gmail_quote">On Mon, Mar 17, 2014 at 10:43
                    AM, David White <span dir="ltr"><<a href="mailto:dwrudy@gmail.com" target="_blank">dwrudy@gmail.com</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div dir="ltr">I've also always had issues with
                        chroot, mainly because the chroot leads to a
                        major headache in keeping system files
                        up-to-date. From my experience, anyway, you
                        basically have to create an entire mini-Linux
                        system in the chroot in order to provide the
                        functionality for users to be able to login (SSH
                        binaries and their dependencies, etc....).
                        <div>
                          <br>
                        </div>
                        <div>chroot 700 isn't a bad idea, except that
                          both Apache and the User need to be able to
                          read the files. Maybe I could play around with
                          groups and group memberships, though....
                          that's not a bad idea.</div>
                      </div>
                      <div>
                        <div>
                          <div class="gmail_extra"><br>
                            <br>
                            <div class="gmail_quote">On Mon, Mar 17,
                              2014 at 10:26 AM, William Roush <span dir="ltr"><<a href="mailto:william.roush@roushtech.net" target="_blank">william.roush@roushtech.net</a>></span>
                              wrote:<br>
                              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                <div bgcolor="#FFFFFF" text="#000000">
                                  <div>I've always had some problems
                                    with chroot and its
                                    (understandable) permission
                                    limitations...<br>
                                    <br>
                                    Mainly with a deploy which a user
                                    can edit their chrooted folder, and
                                    not sub folders of the chroot, leads
                                    to headaches because I have to
                                    support changes in workflow to
                                    handle that.<br>
                                    <div>
                                      <div> On 3/17/2014 10:21 AM, Ed
                                        King wrote:<br>
                                      </div>
                                    </div>
                                  </div>
                                  <div>
                                    <div>
                                      <blockquote type="cite">
                                        <div style="font-size:10pt;font-family:times new roman,new york,times,serif">give each
                                          sftp user their own chroot
                                          folder<br>
                                          <div><span><br>
                                            </span></div>
                                          <div><br>
                                          </div>
                                          <div style="font-family:times new roman,new york,times,serif;font-size:10pt">
                                            <div style="font-family:times new roman,new york,times,serif;font-size:12pt">
                                              <div dir="ltr">
                                                <hr size="1"> <font face="Arial"> <b><span style="font-weight:bold">From:</span></b> David White <a href="mailto:dwrudy@gmail.com" target="_blank"><dwrudy@gmail.com></a><br>


                                                  <b><span style="font-weight:bold">To:</span></b>
                                                  Chattanooga Unix Gnu
                                                  Android Linux Users
                                                  Group <a href="mailto:chugalug@chugalug.org" target="_blank"><chugalug@chugalug.org></a>
                                                  <br>
                                                  <b><span style="font-weight:bold">Sent:</span></b>
                                                  Monday, March 17, 2014
                                                  9:55 AM<br>
                                                  <b><span style="font-weight:bold">Subject:</span></b>
                                                  Re: [Chugalug] Running
                                                  multi sites on one(non
                                                  virt) machine<br>
                                                </font> </div>
                                              <div><br>
                                                <div>
                                                  <div dir="ltr">I'm
                                                    digging up an old
                                                    thread. Originally,
                                                    I searched my
                                                    Chugalug archives
                                                    for OSSEC, but this
                                                    email thread
                                                    (ironically) brings
                                                    up the real reason I
                                                    was searching for
                                                    OSSEC - figuring out
                                                    a better way to
                                                    secure my shared
                                                    webserver
                                                    infrastructure. 
                                                    <div> <br>
                                                    </div>
                                                    <div>Because right
                                                      now, the single
                                                      shared server I
                                                      operate is
                                                      anything but
                                                      secure other than
                                                      a few scripts
                                                      monitoring for
                                                      file hash changes
                                                      and having
                                                      password auth
                                                      turned off, only
                                                      relying on
                                                      key-based auth,
                                                      and blocking IP
                                                      addresses that
                                                      repeatedly try to
                                                      brute force the
                                                      machine (I also
                                                      manage dedicated
                                                      servers which is
                                                      obviously much
                                                      more preferable,
                                                      security-wise).
                                                      <div> <br>
                                                      </div>
                                                      <div>I really need
                                                        a way to
                                                        separate
                                                        permissions and
                                                        visibility from
                                                        1 user's
                                                        directory to
                                                        another's (user
                                                        X shouldn't be
                                                        able to see user
                                                        Y's stuff when
                                                        they login via
                                                        sFTP). Even
                                                        though I have my
                                                        users' stuff
                                                        separated in
                                                        different
                                                        directories, any
                                                        user - if they
                                                        wanted to and
                                                        knew how, could
                                                        navigate <u>up</u> the
                                                        directory tree
                                                        and then over
                                                        into another
                                                        user's folder. </div>
                                                      <div><br>
                                                      </div>
                                                      <div>Permissions
                                                        are set so that
                                                        they can't
                                                        actually edit
                                                        the files, but
                                                        reading the
                                                        files is bad
                                                        enough... This
                                                        has always been
                                                        in the back of
                                                        my mind as an
                                                        issue I need to
                                                        deal with - and
                                                        I hate cPanel,
                                                        and refuse to
                                                        use it.</div>
                                                      <div><br>
                                                      </div>
                                                      <div>I'll take a
                                                        look at the
                                                        Webmin idea, as
                                                        well as Apache
                                                        vhosts... I
                                                        think I remember
                                                        looking into
                                                        that a year or
                                                        two ago, and not
                                                        getting anywhere
                                                        with it. I'll
                                                        try another
                                                        attempt.</div>
                                                      <div><br>
                                                      </div>
                                                    </div>
                                                  </div>
                                                  <div><br>
                                                    <br>
                                                    <div>On Mon, Jun 24,
                                                      2013 at 10:50 AM,
                                                      Matt Keys <span dir="ltr"><<a rel="nofollow" href="mailto:mk6032@yahoo.com" target="_blank">mk6032@yahoo.com</a>></span>
                                                      wrote:<br>
                                                      <blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                        <div>
                                                          <div>Thanks
                                                          for the tip on
                                                          etckeeper!
                                                          Tripwire /
                                                          OSSEC hash
                                                          files and tell
                                                          you if the
                                                          hash has
                                                          changed but
                                                          they don't
                                                          give you the
                                                          actual change.
                                                          This should
                                                          work much
                                                          better!<br>
                                                          <br>
                                                          Regards,<br>
                                                          Matt
                                                          <div><br>
                                                          <br>
                                                          On 06/23/2013
                                                          02:52 PM,
                                                          Jason Brown
                                                          wrote:<br>
                                                          </div>
                                                          </div>
                                                          <div>
                                                          <blockquote type="cite">
                                                          <div>I like
                                                          the way <a rel="nofollow" href="http://www.virtualmin.com/" target="_blank">virtualmin</a> (A
                                                          webmin addon)
                                                          handles this,
                                                          even if I
                                                          don't always
                                                          use the
                                                          software.  You
                                                          can use it for
                                                          configuration,
                                                          then shut it
                                                          down when not
                                                          needed if its
                                                          overhead is in
                                                          the way.<br>
                                                          <br>
                                                          In short, each
                                                          website /
                                                          apache virtual
                                                          host gets its
                                                          own user,
                                                          unless it is a
                                                          sub-server
                                                          under an
                                                          existing user.
                                                          It's a good
                                                          data
                                                          segmentation
                                                          model.<br>
                                                          <br>
                                                          For web site
                                                          setup
                                                          operations it
                                                          is also a
                                                          useful
                                                          learning tool,
                                                          change an
                                                          option and see
                                                          what it did in
                                                          the
                                                          configuration
                                                          file(s).
                                                          etckeeper +
                                                          git is your
                                                          friend here.<br>
                                                          <br>
                                                          --Jason<br>
                                                          <br>
                                                          </div>
                                                          </blockquote>
                                                          <br>
                                                          </div>
                                                        </div>
                                                        <br>
_______________________________________________<br>
                                                        Chugalug mailing
                                                        list<br>
                                                        <a rel="nofollow" href="mailto:Chugalug@chugalug.org" target="_blank">Chugalug@chugalug.org</a><br>
                                                        <a rel="nofollow" href="http://chugalug.org/cgi-bin/mailman/listinfo/chugalug" target="_blank">http://chugalug.org/cgi-bin/mailman/listinfo/chugalug</a><br>
                                                        <br>
                                                      </blockquote>
                                                    </div>
                                                    <br>
                                                    <br clear="all">
                                                    <div><br>
                                                    </div>
                                                    -- <br>
                                                    <div dir="ltr">
                                                      <div>
                                                        <div style="font-family:arial;font-size:small">David

                                                          White</div>
                                                        <div style="font-family:arial;font-size:small">Founder

                                                          & CEO<br>
                                                        </div>
                                                        <div style="font-family:arial;font-size:small"><b><br>
                                                          </b></div>
                                                        <div style="font-family:arial;font-size:small">
                                                          <div><b>Develop
                                                          CENTS </b><br>
                                                          </div>
                                                          <div>Computing,
                                                          Equipping,
                                                          Networking,
                                                          Training &
                                                          Supporting </div>
                                                          <div>
                                                          Nonprofit
                                                          Organizations
                                                          Worldwide</div>
                                                          <div><a rel="nofollow" href="http://developcents.com/" style="color:rgb(17,85,204)" target="_blank">http://developcents.com</a></div>
                                                          <div><a href="tel:423-693-4234" value="+14236934234" target="_blank">423-693-4234</a></div>
                                                        </div>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </div>
                                                <br>
                                              </div>
                                            </div>
                                          </div>
                                        </div>
                                        <br>
                                      </blockquote>
                                      <br>
                                    </div>
                                  </div>
                                </div>
                                <br>
                              </blockquote>
                            </div>
                            <br>
                            <br clear="all">
                            <div><br>
                            </div>
                          </div>
                        </div>
                      </div>
                      <br>
                    </blockquote>
                  </div>
                  <br>
                  <br clear="all">
                  <br>
                  -- <br>
                  <br>
                  <br>
                  <br>
                </div>
              </div>
                                            Benjamin Stewart<br>
              <br>
                                             <o(((><<br>
                                             ><)))o>
            </div>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
    </blockquote>
    <br>
  </div></div></div>

<br></blockquote></div><br></div>
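Added example, not part of the thread or written by any of its participants: a shell audit for the per-user SFTP chroot layout discussed above. It checks the rule sshd enforces for ChrootDirectory (every path component a root-owned directory that is not group- or world-writable, which is why a user can only write in subfolders of the jail) and that a site directory gives "other" accounts no access. The paths, the alice/bob accounts and the OWNER_UID/TOP parameters are assumptions made so the check runs without root.

```shell
#!/bin/sh
# Added example (not from the thread). Permission checks for a per-user
# SFTP chroot layout such as <base>/sftp/<user>/site (hypothetical paths).

# perms_of PATH -> mode string such as "drwxr-x---" (first field of ls -ldn)
perms_of() {
    _line=$(ls -ldn "$1") || return 1
    printf '%s\n' "${_line%% *}"
}

# uid_of PATH -> numeric owner uid (third field of ls -ldn)
uid_of() {
    ls -ldn "$1" | awk '{ print $3 }'
}

# check_chroot_path PATH [OWNER_UID] [TOP]
# sshd refuses a ChrootDirectory unless every component of the path is a
# directory owned by root and not writable by group or other. Walk from PATH
# up to TOP (default /) and report each component that breaks the rule.
# OWNER_UID and TOP are assumptions added so this can be tried unprivileged.
check_chroot_path() {
    _p=$1; _owner=${2:-0}; _top=${3:-/}; _bad=0
    while :; do
        _m=$(perms_of "$_p") || return 2
        case $_m in
            d*) ;;
            *) echo "$_p: not a directory"; _bad=1 ;;
        esac
        [ "$(uid_of "$_p")" = "$_owner" ] || { echo "$_p: owner is not uid $_owner"; _bad=1; }
        case $_m in ?????w*) echo "$_p: group-writable"; _bad=1 ;; esac
        case $_m in ????????w*) echo "$_p: world-writable"; _bad=1 ;; esac
        # Stop at TOP, at the filesystem root, or when a relative path runs out.
        case $_p in "$_top"|/|.) break ;; esac
        _p=$(dirname "$_p")
    done
    return $_bad
}

# check_private_dir DIR
# A site directory shared only between its owner and the web server's group
# (for example mode 750) must give "other" no read, write or search access,
# so a second account on the same box cannot list or read it.
check_private_dir() {
    _m=$(perms_of "$1") || return 2
    case $_m in
        ???????---*) return 0 ;;
        *) echo "$1: accessible to other users ($_m)"; return 1 ;;
    esac
}

# Constructed demo tree; the current uid stands in for root.
demo() {
    _t=$(mktemp -d) || return 2
    mkdir -p "$_t/sftp/alice/site" "$_t/sftp/bob/site"
    chmod 755 "$_t" "$_t/sftp" "$_t/sftp/alice"
    chmod 775 "$_t/sftp/bob"          # group-writable jail root: sshd would reject it
    chmod 750 "$_t/sftp/alice/site"   # owner plus web server group only
    chmod 755 "$_t/sftp/bob/site"     # any local account can read it
    for _u in alice bob; do
        check_chroot_path "$_t/sftp/$_u" "$(id -u)" "$_t" || echo "=> $_u: chroot rejected"
        check_private_dir "$_t/sftp/$_u/site" || echo "=> $_u: site exposed"
    done
    rm -rf "$_t"
}
demo
```

On a real server, call check_chroot_path with only the jail path so the owner defaults to uid 0 and the walk continues to /.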