Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: John Sequeira on July 16, 2003, 08:01:53 PM

Title: User Mode Linux on E-Smith?
Post by: John Sequeira on July 16, 2003, 08:01:53 PM
Has anyone tried to get user-mode-linux running on an e-smith server?

I'd like to run a distro with X on a UML instance (so I can do LTSP-type stuff) without messing with the rest of my e-smith box.  

Assuming it's not a big deal to install,  am I a dreamer to think that having this virtual machine listen only on my internal NIC wouldn't be too big a security risk?

In my case,  running a second box is not an option.
Title: Re: User Mode Linux on E-Smith?
Post by: Drew on July 17, 2003, 12:35:37 AM
Seems to me that LTSP (though not your specific question) has been brought up several times before somewhere on the phorum, and my recollection is that it was highly discouraged even if possible.

Not sure what you're trying to do in the end, but if it's related to LTSP...I'm curious what other responses will be.  IMHO - LTSP would certainly be a great add-on to SME.
Title: Re: User Mode Linux on E-Smith?
Post by: John Sequeira on July 17, 2003, 03:32:33 AM
My understanding from reading past forum postings is that LTSP has been discouraged because the type of end user applications you'd run with it (Gnome/KDE, OpenOffice, Evolution etc.) are inherently less secure than esmith's recommended mail/web/dns/dhcp/proxy servers and it'd be a real bad idea to run them on a firewall machine where they can be attacked.

However,  User Mode Linux should be able to bind itself to your local NIC,  which means only computers on your LAN could access it and your end-user apps would be protected from the outside world.  Also,  if the apps are unstable or crash, UML should be able to protect your server box from

So you'd in effect have a protected server that you could use for various X applications...

I'd just like to hear from someone who's tried it out. If not, I'll see if I can get it going in VMware.
Title: Re: User Mode Linux on E-Smith?
Post by: erik de wild on July 17, 2003, 04:29:26 PM
I'm working on a non-commercial project to provide an ICT infrastructure for schools for young children. The goal is to offer a solution that is easy to install and maintain and offers the basic functionalities.

The applications I have in mind are PMwiki for wiki wiki sites and content management for the website, Mozilla for the browser, AbiWord for text editing, the Gimp for photo and drawing manipulation and xmms for sound and movies. The idea is to offer a very limited collection of applications so the users will have the idea that they can learn to work with them.

When it is possible to run ltsp on an sme-box it will save a school a server PC. Running all the system software on one PC will make the whole network less complicated and that is the major goal of my project. I'd like to offer an out of the box solution to the schools who get old PCs for free from local government and businesses but don't have enough skills, time and money to do something useful with them.

Although safety is a serious issue it is not at the top of the list. A school for young children is not a bank or a local government. SME offers all the system functionalities I have in mind, except the ltsp server so SME will certainly be part of the solution.

I can do some testing with the 6 used PCs I have at my office.
Suggestions for test procedures are welcome.

With friendly regards


Erik de Wild
Tripple-o
(open standards, open source, open mind)
Title: Re: User Mode Linux on E-Smith?
Post by: John Sequeira on July 19, 2003, 05:49:41 PM
Erik,

Your effort sounds very cool. I realize what a compelling combination a combined application server and firewall could be for nonprofits/schools who want a single box to buy/worry about. Here's a very good writeup I've found on why you don't want to do that the naive way (putting both on a single box):

http://www.aplawrence.com/Security/firewallserver.html

People actually use UML to create honeypots for hackers -- binding an OS instance to the *external* NIC,  for the express purpose of being attacked.  I'm thinking the opposite must be possible.

In other words,  UML has virtual networking capabilities that you might be able to use to get around the concerns in the link above.  

http://user-mode-linux.sourceforge.net/networking.html

So to proceed:
Download UML rpms and recent RedHat filesystem
Set up UML ... launch RH instance.
Bind RH instance to internal NIC
Install (K12)LTSP rpms in RH instance

And be all set.

Let me know how it goes.
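
A check for the "listen only on my internal NIC" assumption discussed in this thread, as an added example that is not part of any post: it reads `netstat -tln`-style output and lists every TCP listener that is not bound to loopback or the internal address. The address 192.168.1.1, the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from outside the internal NIC.
# Input is `netstat -tln`-style text; the internal IP is an assumed LAN address.

# external_listeners INTERNAL_IP  < netstat-output
# Prints the local "addr:port" of every LISTEN socket that is not bound to
# loopback or to INTERNAL_IP. Wildcard binds (0.0.0.0, ::) are flagged
# because they accept connections on every interface, the external one too.
external_listeners() {
    awk -v internal="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4
            host = local_addr
            sub(/:[0-9]+$/, "", host)        # strip the trailing :port
            if (host == internal) next       # bound to the internal NIC only
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            print local_addr
        }'
}

# Constructed sample output (not captured from a real machine).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.1:6000        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7100            0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:111        0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
EOF
}

# Lists the three listeners that are not confined to the internal NIC.
sample_netstat | external_listeners 192.168.1.1
```

On a live system, pipe `netstat -tln` into `external_listeners` with the real internal address, on the host and again inside the guest; any line printed is a service that is not confined to the internal NIC.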