Solaris Setup FTP Virtual system

Virtual system means "fake system", i.e. when a user uses a "virtual system", the system files and programs he sees are not files used by system managers. For example, when a manager types a command for "Ls-al/usr/bin/ls", he sees a file size of 32767bytes, while the other user types the command for "Ls-al/usr/bin/ls" with 65535bytes, which means that the path for the two files is the same, But it's a different file.

2. What is the function of the virtual system?

(1) Avoid the use of important information by other users

If you are unwilling to allow users to view or execute certain files, you can use a virtual system that allows users to not see a particular file or create another file that is different from the actual content of the file.

(2) Increase system security

If you have to open the user login machine, and fear that users use the system's internal vulnerabilities to obtain additional authority, damage system settings and theft of information, the use of virtual systems will be able to protect the system's data and system operation, so that malicious users can only do limited damage.

3. How to set up a virtual system with Solaris

In fact, the so-called "virtual system", mainly by the use of chroot (change root) to achieve, that is, changing the location of the root directory, and make the system corresponding to a new system settings. To achieve this, there are generally two methods, one is to modify the code, the other is to use the system itself to achieve the command.

Here we are not going to elaborate on how to modify the part of the code, simply put, the main part of the program is to use Chroot () This C function to change the location of the root directory, the more troublesome place is that you may have to modify the INETD program or other network service programs, of course, you can also write these programs,

But not every manager is interested in saving a program.

But no matter which method you adopt, there is one thing that needs to be done, and that is to create a virtual system environment. The following is a brief list of how to create a new system environment under the "/vs" directory and not modify the program to start the service of the virtual system:

tar -cf /system.tar /var /usr /etc /dev /devices

Press the/var,/usr,/etc,/dev,/devices in the system into System.tar this file.

tar -xf /system.tar /vs

System.tar this file into the/vs directory.

The above two lines of instructions will be able to system files to the "/vs" directory, at this time when you give "chroot/vs/usr/bin/sh" instructions, will be similar to the original system of the environment. In such an environment, the user does not end the current shell (the chroot shell) is unable to return to the original system with any instructions.

In fact, however, you don't need all of your system files to "virtual systems", as long as you have the files you need. As to what the required files are, see what services you have installed. The following is listed as the "virtual system" approach to creating FTP in "/vs":

(1) "/etc" directory in "virtual system"

Create a "/etc" directory in the "virtual system" to place passwords and profiles.

mkdir /vs/etc

Set the "/etc/inetd.conf" file in the "virtual system".

echo "ftp stream tcp nowait root /usr/sbin/in.ftpd
in.ftpd" > /vs/etc/inetd.conf

Set the "/etc/passwd" file in the "virtual system".

echo "root:x:0:1:Super-User:/:/usr/bin/tcsh" > /vs/etc/passwd
echo "ftp:x:60:60:Anonymous Ftp:/:/dev/null" >> /vs/etc/passwd

Set the "/etc/shadow" file in the "virtual system".

echo "root:NP:6445::::::" > /vs/etc/shadow
echo "ftp:NP:6445::::::" >> /vs/etc/shadow

(2) "/var" directory in "virtual system"

Create a "/var" directory in the virtual system to place the system log files.

mkdir /vs/var
mkdir /vs/var/adm