Linux-VServer - User contributions [en]

Standard non-shared quota

2008-09-22T11:04:52Z

Datacompboy:

Want to enable quotas from within a vserver, nothing special, just plain old and good quota support? Then this might help you!
First things first, you will need a vserver enabled kernel that you have made working and you need to add vroot support to it (In menuconfig it is in Device Drivers → Block Devices → Virtual Root device support).

After booting on the vroot enabled vserver kernel, you should have a directory '''/dev/vroot/''' with 8 vroot devices (0-7) you can use to set up your quota, if you don't, then you may make them by mknod /dev/vroot/n b 4 n (where n can be from 0 to 7). If your Linux distribution uses ''udev'', these will be at '''/dev/vroot[0-7]''' instead.

== Initial Setup ==
Use ''vrsetup'' to tell the kernel what block device you want to handle quota for:
vrsetup /dev/vroot/0 [partition]
Where [partition] is your /vservers partition. For example, this could be something like /dev/hda5 if you're just using standard partitioning, or something like /dev/lvm/vserver0 if you're using LVM.

== Setting Up Vservers For Quota ==
Setting up the vserver for quota is straight forward: (you need util-vserver 30.208 or newer)
1. Create a default mtab for the guest. To do this, add:
/dev/hdv1 / ufs rw,usrquota,grpquota 0 0
to '''/etc/vservers/<name>/apps/init/mtab'''

2. Add the quota capability to the guest vserver. Add:
quota_ctl
to '''/etc/vservers/<name>/ccapabilities'''

3. Copy the vroot device which we setup earlier to the vserver:
cp -af /dev/vroot/0 /vservers/<name>/dev/hdv1

=== Finishing the setup ===

1. Start your guest.<br />
2. Inside the guest, run:
quotacheck -maugv

3. Still inside the guest, turn quotas on.

=== Save settings for reboot ===
To have setting persist on reboot, put vrsetup line into '''/etc/init.d/util-vserver''' start function, so after reboot vroot device get setup before it start.

Howto HostAuth

2008-08-16T15:21:40Z

Datacompboy: Unify styling

== What is this? ==

nss_vserver is a nss authentication module for linux-vserver powered systems which allows processes running on the host (sshd, getty) to authenticate users that exist on guests.

The module should almost transparently drop in to a modern Linux system: PAM would call its pam_unix module, which would in turn look through the nss modules to complete the process.

If you want to complete the guest login process, you should also get a modified version of vslogin linked to below. vslogin will pick up after authentication and deliver the user to a shell on his guest.

Note that with nss_vserver you don't need the syncshadows included in the vserverauth tarball.

== Why would I use it? ==

Using nss_vserver and vslogin you could run a single instance of sshd on the host. This host-based server would verify the credentials of a user on a guest and then vslogin would take care of presenting the user a guest-based shell.

== Installation Instructions ==

1. Get appropriate version. On x86 versions there need to use pthread version, on amd64 (and possible x86_64) need to use cthreads version (listed as nss_vserver_64). Also, on amd64 it stored into /lib/, not into /lib/tls/.

2. On linux, just run
make install

3. After, try to run
make test
To see if it works.

== How to remove it from system? ==

Just run

make uninstall

== Use with vslogin ==

After you have installed module, (and have vslogin copied to /sbin/ and suid-root) you are ready: try to login into a guest, say one named "test" with user "user", by loggin in into the host with username "test-user" or "user@test." You should find yourself logged into the guest.

Note: vslogin requires vservers root too be at /vservers, so make it as symlink to your location. For example, for debian systems need to do
ln -s var/lib/vservers /vservers

== Caveats ==

=== Security ===
WARNING! If you have installed vslogin, NEVER give shell access to your host to users -- any user on host, who able to execute programs and modify environment will be able to log into guests as anybody he wants!

=== Usernames and guest names with dashes ===

Avoid using usernames or guest names with dashes.

The current version only tries one configuration while searching for the user in guest databases, which can cause problems:

* User "user" on guest "ser-ver" when written as "user@ser-ver" will work fine, while "ser-ver-user" will be threated as user "ver-user" on vserver "ser".
* User "us-er" on guest "server" when written as "guest-us-er" will work fine, while "us-er@guest" will be threated as user "er@guest" on vserver "us".

If you must have dashes, use the syncshadows method instead.

== Download links ==

nss_vserver: http://dev.call2ru.com/vs/nss_vserver.tar.bz2

nss_vserver_64 (for use on 64bit systems): http://dev.call2ru.com/vs/nss_vserver_64.tar.bz2

modified vslogin: http://dev.call2ru.com/vs/vserverauth.tar.gz

== Authors and copyright ==

nss_vserver was written by Anton Fedorov <datacompboy@call2ru.com> 19 march 2006 and is public domain; feel free to use it as you want.

vslogin was written by Alec Thomas (http://swapoff.org/LinuxVServer)

Howto HostAuth

2008-08-08T09:30:25Z

Datacompboy: added link to 64bit version of libnss_vserver

== What is this? ==

nss_vserver is a nss authentication module for linux-vserver powered systems which allows processes running on the host (sshd, getty) to authenticate users that exist on guests.

The module should almost transparently drop in to a modern Linux system: PAM would call its pam_unix module, which would in turn look through the nss modules to complete the process.

If you want to complete the guest login process, you should also get a modified version of vslogin linked to below. vslogin will pick up after authentication and deliver the user to a shell on his guest.

Note that with nss_vserver you don't need the syncshadows included in the vserverauth tarball.

== Why would I use it? ==

Using nss_vserver and vslogin you could run a single instance of sshd on the host. This host-based server would verify the credentials of a user on a guest and then vslogin would take care of presenting the user a guest-based shell.

== Installation Instructions ==

On linux, just run

<code>

make install

</code>

After, try to run

<code>

make test

</code>

To see if it works.

== How to remove it from system? ==

Just run

<code>

make uninstall

</code>

== Use with vslogin ==

After you have installed module, (and have vslogin copied to /sbin/ and suid-root) you are ready: try to login into a guest, say one named "test" with user "user", by loggin in into the host with username "test-user" or "user@test." You should find yourself logged into the guest.

Note: vslogin requires vservers root too be at /vservers, so make it as symlink to your location. For example, for debian systems need to do
ln -s var/lib/vservers /vservers

== Caveats ==

=== Security ===
WARNING! If you have installed vslogin, NEVER give shell access to your host to users -- any user on host, who able to execute programs and modify environment will be able to log into guests as anybody he wants!

=== Usernames and guest names with dashes ===

Avoid using usernames or guest names with dashes.

The current version only tries one configuration while searching for the user in guest databases, which can cause problems:

* User "user" on guest "ser-ver" when written as "user@ser-ver" will work fine, while "ser-ver-user" will be threated as user "ver-user" on vserver "ser".
* User "us-er" on guest "server" when written as "guest-us-er" will work fine, while "us-er@guest" will be threated as user "er@guest" on vserver "us".

If you must have dashes, use the syncshadows method instead.

== Download links ==

nss_vserver: http://dev.call2ru.com/vs/nss_vserver.tar.bz2

nss_vserver_64 (for use on 64bit systems): http://dev.call2ru.com/vs/nss_vserver_64.tar.bz2

modified vslogin: http://dev.call2ru.com/vs/vserverauth.tar.gz

== Authors and copyright ==

nss_vserver was written by Anton Fedorov <datacompboy@call2ru.com> 19 march 2006 and is public domain; feel free to use it as you want.

vslogin was written by Alec Thomas (http://swapoff.org/LinuxVServer)

Howto HostAuth

2008-08-08T09:12:00Z

Datacompboy: vslogin and /vservers note

== What is this? ==

nss_vserver is a nss authentication module for linux-vserver powered systems which allows processes running on the host (sshd, getty) to authenticate users that exist on guests.

The module should almost transparently drop in to a modern Linux system: PAM would call its pam_unix module, which would in turn look through the nss modules to complete the process.

If you want to complete the guest login process, you should also get a modified version of vslogin linked to below. vslogin will pick up after authentication and deliver the user to a shell on his guest.

Note that with nss_vserver you don't need the syncshadows included in the vserverauth tarball.

== Why would I use it? ==

Using nss_vserver and vslogin you could run a single instance of sshd on the host. This host-based server would verify the credentials of a user on a guest and then vslogin would take care of presenting the user a guest-based shell.

== Installation Instructions ==

On linux, just run

<code>

make install

</code>

After, try to run

<code>

make test

</code>

To see if it works.

== How to remove it from system? ==

Just run

<code>

make uninstall

</code>

== Use with vslogin ==

After you have installed module, (and have vslogin copied to /sbin/ and suid-root) you are ready: try to login into a guest, say one named "test" with user "user", by loggin in into the host with username "test-user" or "user@test." You should find yourself logged into the guest.

Note: vslogin requires vservers root too be at /vservers, so make it as symlink to your location. For example, for debian systems need to do
ln -s var/lib/vservers /vservers

== Caveats ==

=== Security ===
WARNING! If you have installed vslogin, NEVER give shell access to your host to users -- any user on host, who able to execute programs and modify environment will be able to log into guests as anybody he wants!

=== Usernames and guest names with dashes ===

Avoid using usernames or guest names with dashes.

The current version only tries one configuration while searching for the user in guest databases, which can cause problems:

* User "user" on guest "ser-ver" when written as "user@ser-ver" will work fine, while "ser-ver-user" will be threated as user "ver-user" on vserver "ser".
* User "us-er" on guest "server" when written as "guest-us-er" will work fine, while "us-er@guest" will be threated as user "er@guest" on vserver "us".

If you must have dashes, use the syncshadows method instead.

== Download links ==

nss_vserver: http://dev.call2ru.com/vs/nss_vserver.tar.bz2

modified vslogin: http://dev.call2ru.com/vs/vserverauth.tar.gz

== Authors and copyright ==

nss_vserver was written by Anton Fedorov <datacompboy@call2ru.com> 19 march 2006 and is public domain; feel free to use it as you want.

vslogin was written by Alec Thomas (http://swapoff.org/LinuxVServer)