Jailed SSH

[hostpc.com]

I'm sure there's threads on this already, but since I can't search for 3 letter words (ssh), here goes:

I've had DA on a box for a couple weeks now. I am kind of "testing the waters" before I start making a new control panel the "flavor of the year" , so far, it looks nice, I'm impressed with the updates, but there are some concerns I have.

1) Jailed SSH
2) Jailed CGI

Those are two real biggies in my opinion. There is a definate need to keep users in THEIR environment.

Are there plans (I'm kinda sure there are) to fix this SOON?

I'm gonna hold out another week or two to see what else progresses, but before I use this box in a production environment, I need these items addressed. Also, any ETA on IMAP ?

Thanks

Joe

 

[exposed]

1) Jailed SSH
2) Jailed CGI

I'm gonna hold out another week or two to see what else progresses, but before I use this box in a production environment, I need these items addressed. Also, any ETA on IMAP ?


Joe [/B]

yeah Jailed SSH and CGI would be a very nice feature. i agree with that.

At this stadium no IMAP deamon cannot work with the virtual paths that VM-POP3d uses, so i doubt that directadmin will add IMAP support soon.

 

[Dixiesys]

Yep, I can't even consider it until SSH and CGI's are jailed into the domain's own home directory.

We currently use Ensim 3.1 with a custom SUEXEC to jail cgi and SSH is jailed out of the box. If Directadmin can get those two things and IMAP and if they don't go Ensim on us and raise their prices 400% in a year (remember Ensim 3.1 unlimited used to be $199, then $399, now it's $799) then I could very well see myself using this on all new servers we put into production (this is 2-5 server licenses a month BTW).

 

[DirectAdmin Support]

I think I might be implementing IMAP from scratch sometime... after FreeBSD. We want jailing really bad too ... Maybe for the next version of DirectAdmin v2.0 or something. (Not sure what would have to be changed to current systems and if it would break anything).

John

 

[The Prohacker]

Jailing shell is great.. But its really a pain... Because usually you have to build a virtual file system for each person with it.. Which can take up quite a bit of space..

But luckly that proccess can be automated quite a bit...

To add folders via IMAP I looked at VM-pop3d and it wouldn't be hard to have it store incomming email in

/home/username/mail/domain/username/inbox
Instead of
/home/username/mail/domain/username

Pretty simple source edit.. And then just choose an imap engine that can work around it the current system or rewrite one a bit... Not quite sure though...

 

[Dixiesys]

we're experimenting with a mounted FS for each domain, I'm just wondering if the overhead of several hundred extra mounted fs's would be noticable.

You can simply "mount" a directory as a new filesystem we do this now with perl under ensim so we can install modules server wide.

 

[The Prohacker]

we're experimenting with a mounted FS for each domain, I'm just wondering if the overhead of several hundred extra mounted fs's would be noticable.

You can simply "mount" a directory as a new filesystem we do this now with perl under ensim so we can install modules server wide.

mount --bind can be pretty useful.. But does tend to slow a server down when you start adding several... I'm not quite sure where you'd want to draw the line on a production server.. Would just need to see how it preforms with 50 or so sites....

There would likely need to be an option to turn chroot on and off per site to save resources....