 From:  Seth Rothenberg <seth at pachai dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: m0n0wall testing site
 Date:  Sat, 24 Sep 2005 21:37:59 -0400 (EDT)
> The image builder is something Manuel mentioned long ago in the list
> archives, and something I've considered doing before, but it's not easy to
> do safely.  You have to run as root to make the final image,
> so you really have to be careful to watch what you're doing as you put
> it together.  Definitely would be nice to have though.

I have an idea how I would do such a thing "safely".
Would be interested in hearing what others think.
I would have the build run on a separate server
from the web server, and have the build be run
through an ssh.   (actually, once you go into
the tunnel, it may not matter if it is on the
same server. :-)
Alternatively, sudo...but I think sudo has
problems with multiple layers, if for example
apache is already running under sudo?

I'm drawing on some experience for work
where we "outsource" certain functions
across the network to force use of a physical
network device.  Our HA daemon runs a monitor program
on a remote server, then snoops the conversation.

Seth