Zoning the Swamp

Today I was pleased to roll out the codereview swamp— a place
where OpenSolaris developers can post codereviews. If you’re doing OpenSolaris development, feel
free to request an account.

So how did we build it? Stephen Lau provided me free hosting.
He created a zone with a fairly straightforward configuration. Once he created the zone, he made
me an account inside of it, set the root password, and turned it over to me.

This highlights an important property of zones: delegated administration. Stephen
can be sure that giving me the root password for the cr zone won’t result in the
loss of data, or any kind of security problems at his other domains. I was then able to
configure apache 2.x as I liked, create user accounts, change the SSH configuration,
switch sendmail into outbound-only mode, etc. The result is that I have a nicely locked
down virtual system.

A final piece of the puzzle is rssh,
which allows us to configure SSH to allow scp/sftp access, but not shell access by setting
the user’s shell to rssh.

All of this is temporary solution– we expect that
will eventually be a more canonical place to post codereviews, but today that
capability is missing.

Technorati Tag:

Technorati Tag:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s