SSH / chroot / user jail - vaporware?

N

nekote

Verified User
Joined
Sep 11, 2003
Messages
10
Sorry to be grumpy.
SSH / chroot / user jail was supposed to happen, "soon", wasn't it?
As a lowly reseller & user, I'm still waiting for Putty SSH ability, right?

Have I missed something important, maybe?
OK, everything always takes longer.
But, come on, how many months has it been?

Is this going to get done?
When?
What is it going to take to have sufficient priority to insure it gets done?

Grumpy, gumble, murmur, mumble, grrr, klasdjklfsdakljlk;afsk

Please accept this grousing from a respectful kindred spirit who has been there / done that.

What's the straight poop???
 
Straight poop:

We've been quiet about it, but I will say that programming is complete for jailing at all levels. It's a major system change so it's something we refuse to rush into.

We've also been quite busy, especially with the FreeBSD development and now Fedora / Enterprise. That's on top of the regular support tasks, sales tasks, etc. See:

http://www.directadmin.com/versions.php

:D

It's coming!

Mark
 
It's coming!
Click to expand...
yea, so is New Year's.

But really, what target do you have penciled in?
By the end of February?
Shooting for mid-March, but definitely by end-March?

I know the swamp rises and falls.
And that the crocs and 'gators are tough, hungry dudes.
We talkin' 'bout trying to make the summer?
 
You're grumpy but very funny being so :D
Click to expand...
yea, well, like I said - been there, done that.
I'm sure DirectAdmin doesn't need some 2 bit bystander carping and bitching at them.
That BS never helped me.

But, it has had the effect of reminding me and re-focusing me on finishing getting that sucker nailed down and forced into the "can", such that life can go on, so to speak.

What is truly necessary and remains to be done?
What's it gonna' take / have to be different / differed / postponed / lowered in priority in order to have enough resources (person hours) to actually make it happen?

And all the while remembering that old maxim:
Adding more people to a late software project makes it later.

IMHO: The really helpful thing to do is to remove other distractions / responsibilities from those already doing the work, so they can concentrate their time more effectively.
 
Assigning / hiring others to spend time and effort on filtering and handling those things that don't absolutely need the team's direct attention ?

Say, like, by not spending as much (any?) time reading or responding to posts by 2 bit bystanders, like (errr, Ahem, cough cough) me?
 
nekote said:
Say, like, by not spending as much (any?) time reading or responding to posts by 2 bit bystanders, like (errr, Ahem, cough cough) me?
Click to expand...
I partially agree with you, the chroot for SSH has been postponed (that correct english ?) a few times, and I'd like to see it before the summer if possible.

But I believe what really adds value to DA is that the persons responsible for making it accually are the persons who respond to help requests, feature requests etc. This way DA has a bit more of a personal support level than per example cPanel. Granted, cPanel has forums, but as far as I know the original creators of cPanel don't read those forums much.

At the moment server 2 server transfers, backup stuff and Fedora support has a higher priority, I respect that, since I also would like these features in the near future. Chrooted SSH is also on my list of features I'd like to see, but I'd rather see server 2 server and complete backups instead of chrooted SSH...
 
yep, I gotta' agree.

Absolutely everybody (that wants something) is going to have their own "highest priority" list of what to do, next. Me, me, me. :)

And I agree - Personal responses by the people who do the work is very highly satisfying - both for the poster and the responder. Certainly one of the joys in my life - knowing I'm making a difference.

That's certainly at the bottom of *my* list of desireables to lose.

But, if something's gotta' go, in order to make something else possible, I'm willing to "volunteer" something that I highly value for something I value even more.

I've had my 2¢.
And I have been heard.

Thanks for considering my request / point of view.
 
Well it sounds like your not understand John so i will put my input in, Jailed SSH he does nto want to rush into because he does not want exploits, bugs and so on found by lammers that would give the ablity to find a way to run serviices and so on. I also want Jailed SSH but i will wait in tell he gets it pretty much perfect., actually one my customers want DA to get it done really bad also.
 
Another month gone by

First post in this thread was 2/17.
That was after about 6 months or so of patience.

Another month has passed.

Considering how much progress was made in a month, versus how much more still needs to be done, is there a realistic estimate of when this will finally be available?

TIA
 
No work has been done on jailing for a while. We're trying to nail out the bugs in the backup system and get a few more OS's released. We do have very primitive jail working, but it's missing things like the ability to send formmail with cgi scripts because the mailer is outside of the shell. There will be many issues like that, but it's still on the backburner. Another reason is because the demand that we see has slowed, but that's most likely due to patient people like yourself :) ... at any rate, we really want to get it released, along with several other features/OS's, but there aren't enough hours in the day, so we need to prioritize.

John
 
John; you sound like your company is, uhhm, having some problems with the number of people working there. Wouldn't this qualify to start looking for a new programmer or something to strengthen your team ?

Note: as the rest of you all; still waiting... ;)
 
For what it's worth, I'm very interested in moving from Ensim to DirectAdmin. However, I won't do so unless and until there is at least a jailed shell, or (preferably) chroot support.

Just thought it might be worth hearing from a lurker/potential customer who is considering DA.

I'm guessing I'm not the only one you have never heard from, but who would be interested in DA if it weren't for the lack of this feature.
 
For those desperate for chroot and jailing, you could temporarily use a grsec patched kernel to allow it...

Chris
 
I've ran a GRSec kernel set to medium security with DA and RH9 for a few weeks on a production server with no problems whatsoever if that helps.

Matt
 
thoroughfare said:
I've ran a GRSec kernel set to medium security with DA and RH9 for a few weeks on a production server with no problems whatsoever if that helps.

Matt
Click to expand...

Got more info on this? What OS? Redhat 9? is there an easily attainable RPM for this kernel or does it require compiling?

Jailed SSH is a HUGE concern for me I haven't mentioned it in a while mainly because I didn't figure it'd help to keep screaming about it, but I dont want the DA team to think interest is waning...
 
Redhat 9. It's a kernel patch, you'd need to recompile your kernel. I have GRSecurity set to medium setting and it's caused no problems. I haven't set up ACLs yet. www.grsecurity.net

HTH,
Matt :)
 
http://forum.ev1servers.net/showthread.php?s=&threadid=11858&perpage=25&pagenumber=2

Lack of jail cited as a reason for not giving DA a chance (right before he accuses me of being a shill for Directadmin, funny stuff).

Just an FYI to the DA devs, jailed cgi/ssh is a huge concern whether people are mentioning it much here or not, I know of several people who've basically said "until the user environment is jailed in some way I won't even consider it".
 
Grumble, grumble, grumble

Yea, yea, yea.
Grumble, grumble, grumble.

First post in this thread was February, 2004.
And that was after 6 months of waiting silently.
Now heading for June (2004).

Grumble, grumble, grumble.

Given up on planning to offer SSH / chroot / user jail ?
Just too tough?

Gonna' be available, "tomorrow" ?

Got any schedule penciled in?
Something we could take to the bank?

Sorry to still be carping and bitching from the peanut gallery.

Best of Luck.
 
You must log in or register to reply here.
Back
Top