Hello everyone!

Is it possible that inetd launch services inside service jails?

Let me explain, I have a jail for pureftpd service, it is possible that inetd from the main system launch FTP server inside the jail?
If not so, I don't understand the advantage of having an inetd service listening inside each jail...

Thank you
Ruben Lara

Indeed, two weeks I have been led to the change of branch 7.0, today finally finished this hard work :(
Hi!

> I have a jail for pureftpd service,
> it is possible that inetd from the main system launch FTP server
> inside the jail?

No, it's not possible. The reason: When your client connects to the IP of the jail, inetd.conf running on the main system can start some

jexec <jail-id> /usr/libexec/ftpd ...

But: The <jail-id> depends on the IP the client is connecting to, and inetd has no lookup-hook to find the <jail-id> from the IP address. It might not be too difficult to add this feature to inetd, but right now, it's not available.

> If not so, I don't understand advantage of to have an inetd service
> listening inside each jail...

Jails are to virtualize systems, so if you have your own instance of inetd running in your jail, you can decide for yourself which services will be served by your inetd instance. Just edit the inetd.conf inside the jail and restart inetd in your own virtual server.

--
pi@opsec.eu +49 171 3101372
12 years to go !
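The lookup step the reply above says inetd lacks, sketched as a wrapper that the host inetd would start instead of the daemon. This is an added example, not part of the thread or of inetd; it assumes the wrapper is the inetd.conf program with the daemon command line as its arguments, that `jls jid ip4.addr` prints one "JID addr[,addr...]" row per jail, and the paths /usr/sbin/jls and /usr/sbin/jexec.

```python
#!/usr/bin/env python3
"""inetd wrapper sketch: map the accepted socket's local IP to a jail, then jexec."""
import os
import socket
import subprocess
import sys


def jid_for_ip(jls_output, ip):
    """Return the single JID whose ip4.addr list contains ip, else None.

    jls_output is the text of `jls jid ip4.addr` (assumed format, one row per jail).
    """
    matches = []
    for line in jls_output.splitlines():
        fields = line.split()
        if len(fields) != 2 or not fields[0].isdigit():
            continue  # skip blank or unexpected rows
        if ip in fields[1].split(","):  # exact match, never a prefix match
            matches.append(int(fields[0]))
    # Fail closed when no jail, or more than one jail, owns the address.
    return matches[0] if len(matches) == 1 else None


def main(argv):
    # inetd (nowait) hands the accepted connection to the child as fd 0.
    conn = socket.socket(fileno=os.dup(0))
    local_ip = conn.getsockname()[0]
    conn.close()
    rows = subprocess.run(["/usr/sbin/jls", "jid", "ip4.addr"],
                          capture_output=True, text=True, check=True).stdout
    jid = jid_for_ip(rows, local_ip)
    if jid is None:
        return 1  # no unambiguous jail: drop the connection, never run on the host
    # argv[1:] is the daemon command line from inetd.conf, executed inside the jail.
    os.execv("/usr/sbin/jexec", ["jexec", str(jid)] + argv[1:])


# Constructed sample of `jls jid ip4.addr` output (documentation addresses).
SAMPLE_JLS = "1 192.0.2.10\n2 192.0.2.20,192.0.2.21\n3 -\n"

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The wrapper exits without starting anything when the destination address belongs to no jail or to more than one, so a connection to a host-only address never gets the daemon running outside a jail.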
On 3/27/08, Ruben Lara <bermejator@hotmail.com> wrote:
>
> Hello everyone!
>
> Is it possible that inetd launch services inside service jails?
>
> Let me explain, I have a jail for pureftpd service, it is possible that inetd from the main system launch FTP server inside the jail?
> If not so, I don't understand advantage of to have an inetd service listening inside each jail...
>
> Thank you
> Ruben Lara
>

No, this is not possible, but it is possible to run the pureftp service inside a chroot so that it only has access to the files you provide copies of in the chroot. This is the way to secure individual services that are part of a main box; a jail is a way to run a whole second server inside the first one. There are advantages to both approaches, but sometimes one is better than the other. Give chroot a try, and inetd can launch the command line to start pureftpd in a chroot no problem.