From: <pa...@bo...> - 2004-03-07 09:11:38

Hello,

I'm a FreeVSD user who wants to migrate soon to UML.

I have some basic doubts at the moment....

In FreeVSD, to access a customer's virtual server from the host machine, I only need to use the command:

bevs -r virtualserver-x

And in this way, I can access any virtual server that I want, without knowing the admin password.

In UML, how can I get something like this?

Access any customer virtual server without having the customer's root password?

Regards,

Pedro Almeida

From: roland <for...@gm...> - 2004-03-07 11:05:43

mhh - i think there is no exact equivalent in uml, but there should be several ways to get into an uml without knowing the root-pw.

i really know of no way to have "unlimited" access - i mean in a way, to have access even if the customer doesn't want you to have access. unfortunately all of the following methods could be overridden by the customer, to lock you out again.

- you could store your ssh public key in each uml. then you can log into that uml without knowing the root-pw
- you could create sort of a "service account" and give it root privileges via SUDO.
- you probably can edit /etc/inittab to spawn a console on a special port, tty or xterm, which has no login program running
- if not using COW and if not needing access to a "live system", you can shutdown a customer's uml and loopback-mount the uml-filesystem for access.
- you could install a kernel based trojan rootkit ;)

further ideas from anybody else? i have interest in such a feature, too.
i wished such "root console without root-pw" would exist in mconsole.

regards
roland

From: Jeff D. <jd...@ad...> - 2004-03-08 21:19:34

for...@gm... said:
> further ideas from anybody else? i have interest in such a feature,
> too.

You can create an admin console by sticking something in inittab which puts a root shell on a specified console. Then just stick that in screen and you have root access to the UML from the host whenever you need it.

> i wished such "root console without root-pw" would exist in mconsole.

That's not going to happen.

Jeff

From: Jeff D. <jd...@ad...> - 2004-03-12 02:16:36

for...@gm... said:
> but that also can be "overridden" by a paranoid "customer" :) i would
> find it interesting to know how to get root-access to an uml without
> being locked out - be it done intentionally or unintentionally by the
> person who is using it.

If it's done intentionally, wouldn't that be a violation of your AUP?

That aside, if you have the UML filesystem available on the host, there are all sorts of things you can do:

- change passwords back
- change inittab back
- make either of them unchangeable (by permissions or by making them immutable) so that things that you don't want to be changed can't be

There is no need to put anything in the kernel to allow this to happen.

Jeff

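
Added example, not part of the mailing-list thread and not UML project code: with the guest's filesystem readable on the host, a small check can report which sysvinit `/etc/inittab` entries start a shell with no getty/login in front of it, and which entries have drifted from the provider's baseline and would need changing back. The function names and both sample inittab texts are constructed for illustration.

```python
import os
import shlex

SHELLS = {"sh", "ash", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}
INACTIVE = {"off", "initdefault"}  # actions for which init runs no process

def parse_inittab(text):
    """Map entry id -> (runlevels, action, process) for well-formed lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)  # the process field may itself contain ':'
        if len(parts) == 4:
            entries[parts[0]] = (parts[1], parts[2], parts[3].strip())
    return entries

def program(process):
    """Basename of the program an entry starts."""
    process = process.lstrip("+")  # a leading '+' only disables utmp/wtmp accounting
    try:
        words = shlex.split(process)
    except ValueError:  # unbalanced quotes: fall back to a whitespace split
        words = process.split()
    return os.path.basename(words[0]) if words else ""

def shell_entries(text):
    """Ids of active entries that start a shell directly, with no getty/login."""
    return sorted(i for i, (_, action, proc) in parse_inittab(text).items()
                  if action not in INACTIVE and program(proc) in SHELLS)

def drift(baseline, current):
    """Ids whose entry was removed or altered relative to the baseline."""
    base, cur = parse_inittab(baseline), parse_inittab(current)
    return sorted(i for i in base if cur.get(i) != base[i])

# Constructed sample data: the provider's baseline and a guest copy read on the host.
BASELINE = """\
id:2:initdefault:
si::sysinit:/etc/init.d/rcS
1:2345:respawn:/sbin/getty 38400 tty1
adm:2345:respawn:/bin/sh -i
"""
GUEST = BASELINE.replace("adm:", "#adm:")  # constructed: the entry was commented out

if __name__ == "__main__":
    print("shell entries, baseline:", shell_entries(BASELINE))
    print("entries to restore in guest:", drift(BASELINE, GUEST))
```

The same `shell_entries` check is useful from the guest owner's side as well, since any entry it reports is a root shell that bypasses password authentication.
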
From: Jeff D. <jd...@ad...> - 2004-03-07 18:56:23

On Sun, Mar 07, 2004 at 05:56:29AM -0300, pa...@bo... wrote:
> Access any customer virtual server without having the customer's root
> password?

Boot from hostfs, with the guest root filesystem either in a subdirectory on the host or a loop-mounted disk image.

This will be the preferred method of booting a UML because of the reduced memory usage that's possible that's not available with ubd images.

This will have the side-effect that the UML filesystems will be directly accessible on the host.

Jeff

From: roland <for...@gm...> - 2004-03-07 19:28:10

hi

> This will be the preferred method of booting a UML because of the reduced
> memory usage

wouldn't it be useful to have something like COW for hostfs?
each uml could use one single r/o hostfs and writes would transparently go to a different directory tree. perhaps that could make things very easy - especially when it comes to uml administration/configuration.

jeff - would that make sense? shouldn't be too hard to implement, should it?

regards
roland

From: BlaisorBlade <bla...@ya...> - 2004-03-07 19:41:32

At 20:17, Sunday 7 March 2004, roland wrote:
> hi
>
> > This will be the preferred method of booting a UML because of the reduced
> > memory usage

Sorry, what about ubd=mmap?

> wouldn't it be useful to have something like COW for hostfs?
> each uml could use one single r/o hostfs and writes would transparently go
> to a different directory tree. perhaps that could make things very easy -
> especially when it comes to uml administration/configuration.
>
> jeff - would that make sense? shouldn't be too hard to implement, should
> it?

What if I change one file? Especially if I change 1 byte of one 1-mega file? Yes, a simple solution is possible (copy and modify new copy) but it seems not very good.

At least until someone creates a Copy-On-Write host filesystem implementation (i.e. one where a copy operation just sets up two files referring to the same data blocks, which are duplicated on write). Unlikely someone does it (well, a Reiser4 plugin could be written, but it's unlikely).

--
Paolo Giarrusso, aka Blaisorblade
Linux registered user n. 292729

From: Sven 'D. M. <sv...@da...> - 2004-03-07 20:05:57

BlaisorBlade wrote:
> At 20:17, Sunday 7 March 2004, roland wrote:
>
>> hi
>>
>>> This will be the preferred method of booting a UML because of the reduced
>>> memory usage
>
> Sorry, what about ubd=mmap?

afaik jeff dropped it for now cause it won't work on ubd (iirc).

Hope he'll post some words about it ;)

Regards,
Sven

From: roland <for...@gm...> - 2004-03-07 20:18:37

> What if I change one file? Especially if I change 1 byte of one 1-mega file?
> Yes, a simple solution is possible (copy and modify new copy) but it seems not
> very good

good point! i missed that - this indeed makes things very complicated

> At least until someone creates a Copy-On-Write host filesystem implementation
> (i.e. one where a copy operation just sets up two files referring to the same
> data blocks, which are duplicated on write). Unlikely someone does it (well,
> a Reiser4 plugin could be written, but it's unlikely).

btw - didn't we want a possibility to mount a COW filesystem on the HOST? :D

regards
roland

From: Dan S. <da...@sh...> - 2004-03-07 23:07:44

On Sun, Mar 07, 2004 at 08:31:16PM +0100, BlaisorBlade wrote:
> > wouldn't it be useful to have something like COW for hostfs?
> > each uml could use one single r/o hostfs and writes would transparently go
> > to a different directory tree. perhaps that could make things very easy -
> > especially when it comes to uml administration/configuration.
> >
> > jeff - would that make sense? shouldn't be too hard to implement, should
> > it?
> What if I change one file?

cp -al already helps here

> Especially if I change 1 byte of one 1-mega file?

But it doesn't help this :-(

> Yes, a simple solution is possible (copy and modify new copy) but it seems not
> very good

only too true.

--
Dan Shearer
da...@sh...

From: Jeff D. <jd...@ad...> - 2004-03-08 21:18:39

bla...@ya... said:
> Sorry, what about ubd=mmap?

Al Viro persuaded me that it ultimately wouldn't work. I might get it to work, but that would be relying on filesystem behavior that is not guaranteed.

Jeff

From: Jeff D. <jd...@ad...> - 2004-03-08 21:20:43

for...@gm... said:
> wouldn't it be useful to have something like COW for hostfs? each uml
> could use one single r/o hostfs and writes would transparently go to a
> different directory tree. perhaps that could make things very easy -
> especially when it comes to uml administration/configuration.
>
> jeff - would that make sense? shouldn't be too hard to implement,
> should it?

That wouldn't be too hard to do, and that's also one of the long-standing hostfs wish-list items.

As pointed out earlier, it sucks on the change-one-byte-in-1M-file scenario, but I think that probably doesn't happen too much. Probably mostly databases, log files, and config files being updated from the original.

Jeff

From: Jeff D. <jd...@ad...> - 2004-03-12 02:16:35

for...@gm... said:
> as we know - if worse things can happen, they happen! and offering a
> hostfs with that limited "change-little-in-big-files"-capability
> could probably be a killer in many scenarios, IMHO.

I'd want to see a real workload where that happens badly enough to cause a problem.

In any case, it shouldn't be hard to add block-level COWing to hostfs files. The code is obviously already written, it would just need to be applied to a different set of files.

Jeff