openvds-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Openvds-devel] Re: ow to DISABLE vm-pop3 in virtual server???

From: Urivan Saaib
Subject: Re: [Openvds-devel] Re: ow to DISABLE vm-pop3 in virtual server???
Date: Sun, 09 Dec 2001 00:22:54 -0800 (PST) 
Hi all,

Please note that the skel and vsd-scripts that I published some days ago
provides those changes.

Running independet services from the host server (centralized services
management) does not work, mostly because the reasons Simon wrote, but 
it doesnt only you to disable specific services into a given virtual, but
to expand the services without compromise other virtuals.

Related to what problems that could bring, they way this skel and the
scripts were built/modified are that /etc/xinetd.conf is owned by root and
it doesnt  use the "include" directive. If a host server is used to hold
several virtual servers i think the host administrator should know about
what services are running using privileged ports.

Regards,

---Reply to mail from Simon Garner about [Openvds-devel] Re: ow to DISABLE 
vm-pop3 in virtual server???

> From: "Marcos Rubinstein - ALPA WWW" <address@hidden>
>>
>> .- use xinetd instead of inetd, and define the service to be
>> used for each ip. You could even have xinetd running in each
>> virtual!.- the same warning that before... applies.
>>
> 
> 
> I suggest that for future versions of freeVSD and OpenVDS it should be
> changed so that (for RH7 with xinetd at least) each VS gets its own service
> file in /etc/xinetd.d, and instead of using virtuald we bind each service to
> its own IP using xinetd itself (with the bind_address directive).
> 
> The advantages of this are twofold:
> 
> 1) You can enable and disable inet services on a per-VS basis (in
> particular, this lets you disable services like FTP and POP on the host
> server).
> 
> 2) Each service will be tracked separately by xinetd. Note that if a service
> receives too many connections per minute (?), xinetd will disable that
> service for 30 seconds. With the current configuration, this means that, for
> example, if a user with a download accelerator like DAP starts hammering the
> FTP service on *one* VS with a load of failed connections (e.g. if you have
> ProFTPD set to only allow 2 connections from each host), then FTP service
> could be disabled on *all* your VS's for 30 seconds!

_______________________________________________________
Urivan Saaib
Presidente
CiberNET Mexico 
Email: address@hidden
Tel/Fax: +52 (646) 1757195
reply via email to
[Prev in Thread] Current Thread [Next in Thread]