A virtual system is a "fake system": when a user works inside a virtual system, the system files and programs he sees are not the files the system administrators use. For example, when an administrator runs "ls -al /usr/bin/ls" he sees a file size of 32767 bytes, while another user who runs "ls -al /usr/bin/ls" sees 65535 bytes. The path is the same for both, but the files are different.
2. What is the function of the virtual system?
(1) Avoid the use of important information by other users
If you do not want users to view or execute certain files, you can use a virtual system so that users either cannot see a particular file or see another file whose content differs from the real one.
(2) Increase system security
If you have to let users log in to the machine and are worried that they will use vulnerabilities inside the system to gain additional privileges, damage system settings or steal information, a virtual system protects the system's data and operation, so that malicious users can do only limited damage.
3. How to set up a virtual system with Solaris
In practice a "virtual system" is built mainly with chroot (change root): the location of the root directory is changed so that the system sees a new set of system settings. There are generally two ways to do this: modify program code, or use the commands the system already provides.
We will not go into the code-modification approach in detail here. In short, the program calls the C function chroot() to change the location of the root directory. The troublesome part is that you may have to modify the inetd program or other network service programs. You could of course write these programs yourself, but not every administrator is interested in writing programs.
Whichever method you adopt, one thing has to be done: creating the virtual system environment. The following briefly shows how to create a new system environment under the "/vs" directory and start the virtual system's services without modifying any program:
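cd / && tar -cf /system.tar var usr etc dev devices
Pack /var, /usr, /etc, /dev and /devices into the file /system.tar. The member names are relative to "/" so that the archive can be unpacked under another directory.
mkdir -p /vs && cd /vs && tar -xf /system.tar
Unpack /system.tar into the /vs directory.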
These two commands copy the system files into the "/vs" directory. If you now run "chroot /vs /usr/bin/sh", you get an environment similar to the original system. In this environment, unless the user ends the current shell (the chroot shell), no command will take him back to the original system.
In fact, you do not need to copy all of your system files into the virtual system, only the files you actually need. Which files those are depends on the services you run. The following shows how to create a virtual system for FTP in "/vs":
(1) "/etc" directory in "virtual system"
Create an "/etc" directory in the "virtual system" to hold the password and configuration files.
mkdir /vs/etc
Set the "/etc/inetd.conf" file in the "virtual system".
echo "ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd" > /vs/etc/inetd.conf
Set the "/etc/passwd" file in the "virtual system".
echo "root:x:0:1:Super-User:/:/usr/bin/tcsh" > /vs/etc/passwd
echo "ftp:x:60:60:Anonymous Ftp:/:/dev/null" >> /vs/etc/passwd
Set the "/etc/shadow" file in the "virtual system".
echo "root:NP:6445::::::" > /vs/etc/shadow
echo "ftp:NP:6445::::::" >> /vs/etc/shadow
(2) "/var" directory in "virtual system"
Create a "/var" directory in the virtual system to place the system log files.
mkdir /vs/var
mkdir /vs/var/adm
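The /etc and /var steps above, gathered into one script with a check on the result, as an added example that is not part of the original article. The function names build_vs_skeleton and audit_vs_accounts are hypothetical, and the mode 400 on the shadow file and the "*LK*" locked-account marker are additions the article does not mention.

```shell
#!/bin/sh
# Added example, not from the original article. Helper names are hypothetical.

# Build the /etc and /var skeleton from steps (1) and (2) under directory $1.
build_vs_skeleton() {
    vs=$1
    mkdir -p "$vs/etc" "$vs/var/adm" || return 1
    # One service only: the virtual system's inetd.conf offers FTP, nothing else.
    echo "ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd" \
        > "$vs/etc/inetd.conf"
    {
        echo "root:x:0:1:Super-User:/:/usr/bin/tcsh"
        echo "ftp:x:60:60:Anonymous Ftp:/:/dev/null"
    } > "$vs/etc/passwd"
    # Assumption beyond the article: keep shadow unreadable to others (mode 400).
    rm -f "$vs/etc/shadow"
    (
        umask 077
        {
            echo "root:NP:6445::::::"
            echo "ftp:NP:6445::::::"
        } > "$vs/etc/shadow"
    ) || return 1
    chmod 400 "$vs/etc/shadow"
}

# Audit: print every account that carries a usable password inside the
# virtual system. "NP" (no password) is the value the article sets; "*LK*"
# (locked) is also accepted. Returns 1 if anything is printed.
audit_vs_accounts() {
    vs=$1
    bad=$(
        awk -F: '$2 != "x" { print "passwd:" $1 }' "$vs/etc/passwd"
        awk -F: '$2 != "NP" && $2 != "*LK*" { print "shadow:" $1 }' \
            "$vs/etc/shadow"
    )
    [ -z "$bad" ] && return 0
    echo "$bad"
    return 1
}

# Usage: build_vs_skeleton /vs && audit_vs_accounts /vs
```

Run the audit again whenever files are copied from the real /etc into /vs, since a copied shadow entry would bring a real password hash into the virtual system.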