Virtual Services Howto
Brian Ackerman, brian@nycrc.net
v1.2, 4 November 1997
Japanese translation: Isaji, isaji@mxu.meshnet.or.jp, 23 Dec 1997

This document was written to answer the ever increasing demand for information on how to virtualize a service. (Translator: please send questions about the translation to Isaji. The latest version of the English HOWTO itself is available from ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO/.)
______________________________________________________________________

Contents

1. Introduction
   1.1 Knowledge Required
   1.2 Purpose
   1.3 Feedback
   1.4 Revision History
   1.5 Copyright/Distribution
2. IP Aliasing
3. Virtuald
   3.1 How It Works
   3.2 inetd
   3.3 virtual.conf
   3.4 The virtuald Source
4. Virt Scripts
   4.1 virtfs
   4.2 virtexec
   4.3 Notes on virtfs and virtexec
5. DNS
6. Syslog
   6.1 Problem
   6.2 Solution
7. Virtual FTP
8. Virtual Web
9. Virtual Mail/Pop
   9.1 Qmail Notice
   9.2 Problem
   9.3 Bad Solution
   9.4 Good Solution
10. Other Things That Can Be Virtualized
11. Conclusion
12. FAQ
13. In Practice
   13.1 Running virtfs
   13.2 Other Errors
      13.2.1 /var/log/syslog:
      13.2.2 FTP
      13.2.3 Mail
      13.2.4 Web
______________________________________________________________________

1. Introduction

1.1. Knowledge Required

Setting up virtual services is not all that difficult. However, it requires more than fundamental knowledge. This document does not cover how to configure a Linux machine.

To understand this document it is assumed that you are thoroughly familiar with the following:

o Compiling a Linux kernel and adding IP aliasing support: IP alias mini-HOWTO
o Setting up and configuring network devices: NET-3 HOWTO
o Setting up inetd: NET-3 HOWTO
o Compiling and installing network packages: Sendmail Site, Apache Site, Wu-Ftpd FAQ
o Setting up DNS: DNS HOWTO

If you do not yet understand any of the above, you are strongly advised to read the documents named here and get used to these packages first. I will not reply to mail about the contents of those documents. Please ask the author of the relevant HOWTO directly.

1.2. Purpose

The purpose of virtual services is to let a single machine recognize multiple IP addresses without using multiple network cards. IP aliasing is a kernel option that lets you assign more than one IP address to each network device. The kernel multiplexes in the background by swapping between the IP addresses very quickly. To the user it looks as if the machine had more than one network card.

This multiplexing lets you host multiple domains such as www.domain1.com, www.domain2.com and so on for about the cost of hosting one domain. Unfortunately, most services (ftp, web, mail) cannot handle multiple domains as they are. To make them work properly you must modify configuration files and source code. This document explains how to make those modifications when setting up a virtual machine.

A daemon is also needed to provide the virtual service function. The source of the daemon used here (virtuald) appears later in this document.

1.3. Feedback

This document will be extended as packages are updated or configuration changes are needed. If any part of this document is unclear, please mail me your suggestions or questions. Please make your comments as specific as possible and say clearly which section is hard to understand, so that I do not have to read through the whole HOWTO. It is also important to put VIRTSERVICES HOWTO in the subject line. Any other mail is treated as personal mail. Please be aware that I do not read my personal mail, so your message may be discarded along with it.

The examples in this document are only examples, so do not copy and use them verbatim. Rewrite them to suit your own environment. If you run into trouble, send me mail. If the mail includes the relevant configuration files and the error messages, I will look them over and reply with suggestions.

1.4. Revision History

V1.0 Initial version
V1.1 Fixed an error in the Virtual Web section
V1.2 Fixed the date

1.5. Copyright/Distribution

This document is Copyright (c) 1997 by The Computer Resource Center Inc.

A verbatim copy may be reproduced or distributed in any medium physical or electronic without permission of the author. Translations are similarly permitted without express permission if it includes a notice on who translated it. Commercial redistribution is allowed and encouraged; however please notify Computer Resource Center of any such distributions.

Excerpts from the document may be used without prior consent provided that the derivative work contains the verbatim copy or a pointer to a verbatim copy.

Permission is granted to make and distribute verbatim copies of this document provided the copyright notice and this permission notice are preserved on all copies.

In short, we wish to promote dissemination of this information through as many channels as possible. However, I do wish to retain copyright on this HOWTO document, and would like to be notified of any plans to redistribute this HOWTO.

(Translator's note: the English original above is the authoritative copyright statement.)

2. IP Aliasing

IP aliasing is a kernel option that must be set up in order to run a virtual host machine. A mini-HOWTO on IP aliasing already exists, so refer to it for questions about how to set it up.

(Translator's note: a concrete alias setup. Select the alias option among the kernel options and rebuild the kernel. Then, as root, run

     ifconfig eth0:0 (IP to add)
     route add -host (IP to add) dev eth0:0

For details see section 13.11.2.1 of the NET-2/3-HOWTO.)

3. Virtuald

3.1. How It Works

A network connection is made up of "IP address" and "port number" pairs. The API (Applications Program Interface) for network programming is called the sockets API. A socket behaves like an open file, and by reading from and writing to it you can exchange data over the network. There is a function call, getsockname, that returns the IP address of the local socket.

Virtuald uses getsockname (translator's note: in /lib/libc.so) to determine which IP address of the local machine is being accessed. Virtuald reads a configuration file and looks up the directory for that IP. It chroots to that directory and then hands the connection over to the service that actually does the work. Chroot resets the root directory '/' to another directory, and everything above that directory (the new root directory) is invisible to the running program (it is cut off). In this way each IP address gets its own virtual filesystem. This is transparent to the network program, so the program behaves as though nothing had happened.

Virtuald, combined with a program such as inetd, can therefore be used to virtualize all sorts of services.

3.2. inetd

Inetd is a super server that listens on multiple ports and, when a connection arrives (for example, a pop request), performs the network negotiation and hands the connection over to the specified program. This keeps servers from running idle when they are not needed.

A standard /etc/inetd.conf file looks like this:

     ftp stream tcp nowait root /usr/sbin/tcpd wu.ftpd -l -a
     pop-3 stream tcp nowait root /usr/sbin/tcpd in.qpop -s

(Translator's note: if your system calls the service pop3 rather than pop-3, use pop3.)

A virtual /etc/inetd.conf file looks like this:

     ftp stream tcp nowait root /usr/bin/virtuald virtuald /virtual/conf.ftp wu.ftpd -l -a
     pop-3 stream tcp nowait root /usr/bin/virtuald virtuald /virtual/conf.pop in.qpop -s

3.3. virtual.conf

Each service gets a conf file that controls the IPs and directories for that service. You can have one master conf file, or, when services need different lists of domains, a separate conf file for each. A virtual.conf file looks like this:

     # This is a comment and so are blank lines
     # Format IP <SPACE> dir <NOSPACES>
     10.10.10.129 /virtual/foo.bar.com
     10.10.10.130 /virtual/bar.foo.com
     10.10.10.157 /virtual/boo.la.com

(Translator's note: rewrite this to suit your own environment before use. Then copy the file to the directory and file name given in the inetd.conf settings above.)

3.4. The virtuald Source

(Translator's note: this virtuald source compiles with gcc -o virtuald virtuald.c. To match the text above, copy the binary to /usr/bin.)
______________________________________________________________________
#include <netinet/in.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#define BUFSIZE 8192

static void logit(const char *fmt, ...);
static void quitting_virtuald(int retval);
static int getipaddr(char **ipaddr);
static int iptodir(char **dir, const char *ipaddr, const char *filename);

/* usage (from inetd): virtuald <conf file> <program> [args...] */
int main(int argc, char **argv)
{
    char *ipaddr, *dir;

    logit("Virtuald Starting: $Revision: 1.2 $");
    if (argc < 2) {
        logit("invalid arguments: no conf file");
        quitting_virtuald(0);
    }
    if (argc < 3) {
        logit("invalid arguments: no program to run");
        quitting_virtuald(0);
    }
    /* which local IP did the client connect to? */
    if (getipaddr(&ipaddr)) {
        logit("getipaddr failed");
        quitting_virtuald(0);
    }
    logit("Incoming ip: %s", ipaddr);
    /* look up the virtual root for that IP in the conf file */
    if (iptodir(&dir, ipaddr, argv[1])) {
        logit("iptodir failed");
        quitting_virtuald(0);
    }
    if (chroot(dir) < 0) {
        logit("chroot failed: %m");
        quitting_virtuald(0);
    }
    logit("Chroot dir: %s", dir);
    if (chdir("/") < 0) {
        logit("chdir failed: %m");
        quitting_virtuald(0);
    }
    /* hand the connection (stdin/stdout) over to the real service */
    if (execvp(argv[2], argv + 2) < 0) {
        logit("execvp failed: %m");
        quitting_virtuald(0);
    }
    return 0;
}

/* Log one message; fmt is a printf-style format and %m expands to errno. */
static void logit(const char *fmt, ...)
{
    int saved_errno = errno;    /* openlog() must not disturb %m */
    va_list ap;

    openlog("virtuald", LOG_PID, LOG_DAEMON);
    errno = saved_errno;
    va_start(ap, fmt);
    vsyslog(LOG_ERR, fmt, ap);
    va_end(ap);
    closelog();
}

static void quitting_virtuald(int retval)
{
    exit(retval);
}

/* Return the local address of the socket inetd passed on descriptor 0. */
static int getipaddr(char **ipaddr)
{
    struct sockaddr_in virtual_addr;
    static char ipaddrbuf[BUFSIZE];
    socklen_t virtual_len;
    char *ipptr;

    virtual_len = sizeof(virtual_addr);
    if (getsockname(0, (struct sockaddr *)&virtual_addr, &virtual_len) < 0) {
        logit("getipaddr: getsockname failed: %m");
        return -1;
    }
    if (!(ipptr = inet_ntoa(virtual_addr.sin_addr))) {
        logit("getipaddr: inet_ntoa failed: %m");
        return -1;
    }
    strncpy(ipaddrbuf, ipptr, sizeof(ipaddrbuf) - 1);
    *ipaddr = ipaddrbuf;
    return 0;
}

/* Find the "IP <SPACE> dir" line for ipaddr in the conf file. */
static int iptodir(char **dir, const char *ipaddr, const char *filename)
{
    char buffer[BUFSIZE], *bufptr;
    static char dirbuf[BUFSIZE];
    FILE *fp;

    if (!(fp = fopen(filename, "r"))) {
        logit("iptodir: fopen failed: %m");
        return -1;
    }
    *dir = NULL;
    while (fgets(buffer, BUFSIZE, fp)) {
        buffer[strcspn(buffer, "\n")] = 0;      /* strip the newline, if any */
        if (*buffer == '#' || *buffer == 0)
            continue;
        if (!(bufptr = strchr(buffer, ' '))) {
            logit("iptodir: strchr failed");
            fclose(fp);
            return -1;
        }
        *bufptr++ = 0;
        if (!strcmp(buffer, ipaddr)) {
            strncpy(dirbuf, bufptr, sizeof(dirbuf) - 1);
            *dir = dirbuf;
            break;
        }
    }
    if (fclose(fp) == EOF) {
        logit("iptodir: fclose failed: %m");
        return -1;
    }
    if (!*dir) {
        logit("iptodir: ip not found in conf file");
        return -1;
    }
    return 0;
}
______________________________________________________________________

4. Virt Scripts

4.1. virtfs

Each domain has its own directory structure. Because chroot is used, duplicate copies of the shared libraries, binaries, conf files and so on are needed. I create /virtual/domain.com for each domain and copy everything into it. This uses a lot of disk space, but it is cheaper than buying a new machine and network cards. If you want to save disk space, it is enough to link the files together. (Translator's note: this link is not a symbolic link.)

Here is a sample virtfs script.
______________________________________________________________________
#!/bin/bash

echo '$Revision: 1.2 $'

echo -n "Enter the domain name: "
read domain

if [ "$domain" = "" ]
then
    echo Nothing entered: aborting
    exit 0
fi

leadingdir=/virtual

echo -n "Enter leading dir: (Enter for default: $leadingdir): "
read ans

if [ "$ans" != "" ]
then
    leadingdir=$ans
fi

newdir=$leadingdir/$domain

if [ -d "$newdir" ]
then
    echo "New directory: $newdir: ALREADY exists"
    exit 0
else
    echo "New directory: $newdir"
fi

echo "Create $newdir"
mkdir -p "$newdir"

echo Create bin
cp -pdR /bin "$newdir"

echo Create dev
cp -pdR /dev "$newdir"

echo Create dev/log
# hard link to the master syslog FIFO (see the Syslog section)
ln -f /virtual/log "$newdir/dev/log"

echo Create etc
mkdir -p "$newdir/etc"
for i in /etc/*
do
    if [ -d "$i" ]
    then
        continue
    fi
    cp -pd "$i" "$newdir/etc"
done

echo Create etc/skel
mkdir -p "$newdir/etc/skel"

echo Create home
for i in a b c d e f g h i j k l m n o p q r s t u v w x y z
# (Translator's note: change this [a-z] list to suit the user names you set up)
do
    mkdir -p "$newdir/home/$i"
done

echo Create home/c/crc
mkdir -p "$newdir/home/c/crc"
chown crc.users "$newdir/home/c/crc"
# (Translator's note: change this to match the users you set up as well)

echo Create lib
mkdir -p "$newdir/lib"
for i in /lib/*
do
    if [ -d "$i" ]
    then
        continue
    fi
    cp -pd "$i" "$newdir/lib"
done

echo Create proc
mkdir -p "$newdir/proc"

echo Create sbin
cp -pdR /sbin "$newdir"

echo Create tmp
mkdir -p -m 0777 "$newdir/tmp"
chmod +t "$newdir/tmp"

echo Create usr
mkdir -p "$newdir/usr"

echo Create usr/bin
cp -pdR /usr/bin "$newdir/usr"

echo Create usr/lib
mkdir -p "$newdir/usr/lib"

echo Create usr/lib/locale
cp -pdR /usr/lib/locale "$newdir/usr/lib"
# (Translator's note: adjust these directories as appropriate)

echo Create usr/lib/terminfo
cp -pdR /usr/lib/terminfo "$newdir/usr/lib"

echo Create usr/lib/zoneinfo
cp -pdR /usr/lib/zoneinfo "$newdir/usr/lib"

echo Create usr/lib/\*.so\*
cp -pdR /usr/lib/*.so* "$newdir/usr/lib"

echo Create usr/sbin
cp -pdR /usr/sbin "$newdir/usr"

echo Linking usr/tmp
ln -s /tmp "$newdir/usr/tmp"

echo Create var
mkdir -p "$newdir/var"

echo Create var/lock
cp -pdR /var/lock "$newdir/var"

echo Create var/log
mkdir -p "$newdir/var/log"

echo Create var/log/wtmp
cp /dev/null "$newdir/var/log/wtmp"

echo Create var/run
cp -pdR /var/run "$newdir/var"

echo Create var/run/utmp
cp /dev/null "$newdir/var/run/utmp"

echo Create var/spool
cp -pdR /var/spool "$newdir/var"

echo Linking var/tmp
ln -s /tmp "$newdir/var/tmp"

echo Create var/www/html
mkdir -p "$newdir/var/www/html"
chown webmast.www "$newdir/var/www/html"
# (Translator's note: adjust this chown as appropriate; likewise below)
chmod g+s "$newdir/var/www/html"

echo Create var/www/master
mkdir -p "$newdir/var/www/master"
chown webmast.www "$newdir/var/www/master"

echo Create var/www/server
mkdir -p "$newdir/var/www/server"
chown webmast.www "$newdir/var/www/server"

exit 0
______________________________________________________________________

4.2. virtexec

To run a command in a virtual environment you chroot to that directory and then run the command. I wrote a shell script called virtexec that handles this for any command. (Translator's note: cut out the code below and copy it to the /usr/bin directory. Remember to change its mode with chmod +x.)
______________________________________________________________________
#!/bin/sh

echo '$Revision: 1.2 $'

# The command to run is taken from the name of the symlink: virtvi -> vi
BNAME=`basename "$0"`
FIRST4CHAR=`echo "$BNAME" | cut -c1-4`
REALBNAME=`echo "$BNAME" | cut -c5-`

if [ "$BNAME" = "virtexec" ]
then
    echo Cannot run virtexec directly: NEED a symlink
    exit 0
fi

if [ "$FIRST4CHAR" != "virt" ]
then
    echo Symlink not a virt function
    exit 0
fi

# Build the dialog menu: one entry per virtual environment
list=""
num=1
for i in /virtual/*
do
    if [ ! -d "$i" ]
    then
        continue
    fi
    if [ "$i" = "/virtual/lost+found" ]
    then
        continue
    fi
    list="$list $i $num"
    num=`expr $num + 1`
done

if [ "$list" = "" ]
then
    echo No virtual environments exist
    exit 0
fi

# dialog writes the selection to stderr; use an unpredictable temp file
menufile=`mktemp /tmp/menu.XXXXXX` || exit 1
dialog --clear --title 'Virtexec' --menu Pick 20 70 12 $list 2> "$menufile"
if [ "$?" = "0" ]
then
    newdir=`cat "$menufile"`
else
    newdir=""
fi
tput clear
rm -f "$menufile"

echo '$Revision: 1.2 $'

if [ ! -d "$newdir" ]
then
    echo "New directory: $newdir: NOT EXIST"
    exit 0
else
    echo "New directory: $newdir"
fi

echo "bname: $BNAME"
echo "realbname: $REALBNAME"

if [ "$*" = "" ]
then
    echo args: none
else
    echo "args: $*"
fi

echo "Changing to $newdir"
cd "$newdir"
echo "Running program $REALBNAME"

chroot "$newdir" "$REALBNAME" "$@"

exit 0
______________________________________________________________________

Note that the dialog program must be installed on your system for this to work. (Translator's note: dialog is a command that opens dialog boxes from shell scripts. It is installed on most systems.)

To use virtexec, create symbolic links to it. For example:

     ln -s /usr/bin/virtexec /usr/bin/virtpasswd
     ln -s /usr/bin/virtexec /usr/bin/virtvi
     ln -s /usr/bin/virtexec /usr/bin/virtpico
     ln -s /usr/bin/virtexec /usr/bin/virtemacs
     ln -s /usr/bin/virtexec /usr/bin/virtmailq

Then typing virtvi, virtpasswd or virtmailq starts vi, changes a user's password, or checks the mail queue on the virtual system. You can create more links as needed. However, when a program needs a shared library, that library must be on the virtual filesystem. The binary itself must be on the virtual filesystem as well.

4.3. Notes on virtfs and virtexec

I install all my scripts in /usr/bin. Anything I do not want on the virtual filesystems I put in /usr/local. The script is written so that it does not touch anything there when copying. Any file that must not cross between virtual filesystems has to be removed. For example, ssh is installed on my system, but I do not want the private key to be visible from any virtual filesystem. So after running virtfs I delete the private key from each virtual filesystem. (Translator's note: ssh is Secure Shell, a remote login program with secure authentication, encryption, encrypted X11 connections and encrypted TCP/IP forwarding. It is available from the archives/net/ssh/ directory of a suitable archive server.)

I also change resolv.conf (translator's note: DNS information and so on, /etc/resolv.conf) and move away every file that carries the name of another domain, for example /etc/hosts and /etc/HOSTNAME.

The programs I symlink to virtexec are:

o virtpasswd -- change a password
o virtadduser -- add a user
o virtdeluser -- delete a user
o virtsmbstatus -- samba status
o virtvi -- edit a file
o virtmailq -- check the mailq
o virtnewaliases -- rebuild the alias tables

5. DNS

DNS can be configured normally. The good thing about this system is that every service behaves as if the machine were separate machines (even though there is really only one).

For DNS, see the DNS HOWTO.

6. Syslog

6.1. Problem

Syslog is the system logging utility commonly used on UNIX systems. (Translator's note: syslog reads and clears the kernel's message log buffer.) Syslog is a daemon that opens a special file called a FIFO (First In First Out). A FIFO is a special file that is like a pipe. The syslog daemon waits for data on the read side, and there are C functions for writing to the write side. If you write a program with these C functions, its output goes to syslog.

Note that with a chroot environment the FIFO /dev/log does not exist in the virtual environment. This means that none of the virtual environments can log to syslog. Simply copying the file does not work either, because the programs cannot use /dev/log in place of the newly created one.

Certain versions of syslog use a udp socket instead of a FIFO, but this is not the usual case.

6.2. Solution

Syslog looks at a different FIFO if you tell it to on the command line. For example:

     syslog -p /virtual/log

Then link /dev/log to /virtual/log (a symbolic link):

     ln -sf /virtual/log /dev/log

Next, link every /dev/log copy to this file as follows (note that this is a hard link, not a symbolic link):

     ln /virtual/log /virtual/domain.com/dev/log

The virtfs script above already does this. Because /virtual is on one contiguous disk and the /dev/log files are linked, they have the same inode number and point to the same data. Chroot cannot stop this, so every virtual /dev/log works. Messages from all environments are logged in one place. If you do not want to write a program to separate them and want separate log files, you can run a separate syslog for each, as follows:

     syslog -p /virtual/domain1.com/dev/log
     syslog -p /virtual/domain2.com/dev/log

However, this wastes process IDs, so I do not recommend it.

This version of syslog.init relinks /dev/log each time it starts, in case the links have been set up improperly. Here is the modified syslog.init file.
______________________________________________________________________
#!/bin/sh

# Source function library.
. /etc/rc.d/init.d/functions

case "$1" in
  start)
        echo -n "Starting dev log: "
        ln -sf /virtual/log /dev/log
        echo done
        echo -n "Starting system loggers: "
        daemon syslogd -p /virtual/log
        daemon klogd
        echo
        echo -n "Starting virtual dev log: "
        for i in /virtual/*
        do
                if [ ! -d "$i" ]
                then
                        continue
                fi
                if [ "$i" = "/virtual/lost+found" ]
                then
                        continue
                fi
                # hard link, so the FIFO is reachable inside the chroot
                ln -f /virtual/log "$i/dev/log"
                echo -n "."
        done
        echo " done"
        touch /var/lock/subsys/syslog
        ;;
  stop)
        echo -n "Shutting down system loggers: "
        killproc syslogd
        killproc klogd
        echo
        rm -f /var/lock/subsys/syslog
        ;;
  *)
        echo "Usage: syslog {start|stop}"
        exit 1
esac

exit 0
______________________________________________________________________

Note that you do not have to put all the virtual filesystems on one disk. However, you will have to run a separate syslog for each partition that holds virtual filesystems.

7. Virtual FTP

Wu-ftpd can also be configured to run virtualized. (Translator's note: a "Virtual-wu-ftpd" document is also available, so refer to that as well.) However, it cannot keep separate password files for each domain. For example, if both bob@domain1.com and bob@domain2.com need an account, one of them has to become bob2 or the like. In other words, they need different names. Since each domain now has its own virtual filesystem, the password files are separate and this problem goes away. Create a virtnewuser script and a virtpasswd script in the way described above and set them up. Thanks to the virtual filesystems, each virtual environment can also offer anonymous ftp without being affected by the others.

The inetd.conf entry for wu-ftp:

     ftp stream tcp nowait root /usr/bin/virtuald virtuald /virtual/conf.ftp wu.ftpd -l -a

8. Virtual Web

Apache supports virtual domains by itself. It is the only program for which I recommend using the built-in virtual domain mechanism. Running something through inetd has a cost: the program has to start up each time it is run. This means slow response, which is unsuitable for a web service. Apache also has a mechanism for stopping connections when too many come in.

If you do want to run Apache through inetd, add the following line to your inetd.conf file:

     www stream tcp nowait www /usr/bin/virtuald \
         virtuald /virtual/conf.www httpd -f /var/www/conf/httpd.conf

Then add the following to the /var/www/conf/httpd.conf file (translator's note: the location of httpd.conf differs between environments):

     ServerType inetd

The default setting is "standalone". After that, configure the Apache server the same way you would for a single domain.

At the time of writing there is no virtual web HOWTO. (Translator's note: a "Virtual-Web-HOWTO" now exists.) However, I expect one to appear. Eventually I intend to refer to that HOWTO and add notes here. If one does not appear and there are requests, I will expand this section on configuring Apache virtual hosts.

9. Virtual Mail/Pop

9.1. Qmail Notice

This section applies to sendmail only. A section on qmail will be added in the next version of this HOWTO. (Translator's note: manuals on Qmail such as "Qmail+MH" are available.)

9.2. Problem

The demand for virtual mail support keeps growing. Sendmail says it supports virtual mail, but what it supports is accepting incoming mail for different domains. You can then have that mail forwarded somewhere. However, if you forward it to the local machine and mail arrives for bob@domain1.com and bob@domain2.com, it ends up in the same mail folder. This is a problem because the two bobs are really different people with different mail.

9.3. Bad Solution

You can keep user names unique by adding a number to each (for example bob1, bob2) or by prepending characters (dom1bob, dom2bob). You could also hack mail and pop to do this conversion behind the scenes, but that is a messy approach. Outgoing mail also carries the banner (header) maindomain.com, and you want each subdomain's outgoing mail to carry a different banner.

9.4. Good Solution

Each virtual filesystem has its own /etc/passwd for its domain. This means that bob@domain1.com and bob@domain2.com are different users in different /etc/passwd files, so mail is no problem. Each user has their own spool directory, so the mail folders on the different virtual filesystems are different files.

However, sendmail needs a small source code modification. Sendmail has a file called /etc/sendmail.cw. It contains all the host names for which sendmail delivers mail locally instead of forwarding it to another host. Sendmail checks all the devices on the machine internally to initialize this list with the local IPs. This causes a problem when mail is sent between virtual domains on the same machine. Sendmail takes the other virtual domain to be a local address and spools the mail locally.

For example, suppose bob@domain1.com sends mail to fred@domain2.com. The sendmail of domain1.com decides that domain2.com is local, so it spools the mail on domain1.com and the mail never reaches domain2.com. So sendmail has to be modified (I did this with sendmail v8.8.5 without any particular problem). Edit src/main.c around line 494. (Translator's note: the sendmail source is available from suitable sites or distribution CD-ROMs.)

     vi v8.8.5/src/main.c  # Approximately Line 493

Replace the line

     load_if_names();

with

     /* load_if_names(); Commented out since hurts virtual */

so that it is commented out. (Translator's note: this function, found at conf.c line 4399, handles the interface names and additional names. It scans the list of IPs, among other things.) Note that if you need to send mail between virtual domains, this is the only change required.

This fixes the problem, but the main ethernet device eth0 is not removed. So if mail is sent from a virtual IP to the IP on eth0 of the same machine, it is delivered locally. I use a dummy IP for this, virtual1.domain.com (10.10.10.157). I never send mail to this host, so none of the virtual domains is affected. This is also the IP I use to log in with ssh to check whether the system is all right.

Edit /etc/sendmail.cw:

     vi /etc/sendmail.cw

     mail.domain1.com
     domain1.com
     domain1
     localhost

Create /etc/sendmail.cf with m4 the way you like. I used the following:

     divert(0)dnl
     VERSIONID(`@(#)tcpproto.mc 8.5 (Berkeley) 3/23/96')
     OSTYPE(linux)
     FEATURE(redirect)
     FEATURE(always_add_domain)
     FEATURE(use_cw_file)
     FEATURE(local_procmail)
     MAILER(local)
     MAILER(smtp)

(Translator's note: m4 is the UNIX macro processor and is present on most systems. The latest version is available from ftp://prep.ai.mit.edu/pub/gnu/. Use it as in m4 linux.mc > /etc/sendmail.cf. Examples for m4 are in /usr/lib/m4-example. Check the options with m4 --help.)

Edit /etc/sendmail.cf so that it answers as your virtual domain:

     vi /etc/sendmail.cf  # edit around line 86

There is a part that reads

     # my official SMTP hostname (defined automatically)
     #Dj$w.Foo.COM

Change it to

     # my official SMTP hostname (defined automatically)
     Djdomain1.com

Sendmail cannot start this service by itself and has to be started through inetd. This is inefficient and only slows start-up. If you run a very busy site, you probably should not share a virtual machine with other domains. Be sure NOT to start sendmail with the -bd flag. (Translator's note: this flag starts sendmail as a daemon. For details see man sendmail.) Also note that sendmail -q must be run for each domain to queue up mail that has not been delivered.

The sendmail.init file:

#!/bin/sh

# Source function library.
. /etc/rc.d/init.d/functions

case "$1" in
  start)
        echo -n "Starting sendmail: "
        daemon sendmail -q1h
        echo
        echo -n "Starting virtual sendmail: "
        for i in /virtual/*
        do
                if [ ! -d "$i" ]
                then
                        continue
                fi
                if [ "$i" = "/virtual/lost+found" ]
                then
                        continue
                fi
                # one queue runner per virtual filesystem
                chroot "$i" sendmail -q1h
                echo -n "."
        done
        echo " done"
        touch /var/lock/subsys/sendmail
        ;;
  stop)
        echo -n "Stopping sendmail: "
        killproc sendmail
        echo
        rm -f /var/lock/subsys/sendmail
        ;;
  *)
        echo "Usage: sendmail {start|stop}"
        exit 1
esac

exit 0

Pop installs without any special effort. It only needs its inetd entry with the virtuald part added. The inetd.conf entries for sendmail and pop are:

     pop-3 stream tcp nowait root /usr/bin/virtuald virtuald /virtual/conf.pop in.qpop -s
     smtp stream tcp nowait root /usr/bin/virtuald virtuald /virtual/conf.mail sendmail -bs

10. Other Things That Can Be Virtualized

Other services follow a similar procedure.

o Add the binaries and library files to the virtual filesystem
o Add the entry to /etc/inetd.conf
o Create /virtual/conf.service
o Edit the virtual scripts as needed

I have tried the samba package, and a virtual poppassd with Eudora. Both work without problems. If there is more interest, I would like to add a section on installing virtual samba.

11. Conclusion

Those are the steps required. I hope this document meets with a positive response. Please send feedback to Computer Resource Center. If you have questions or updates to the document, please let me know. I would like to add them to future versions of the HOWTO.

12. FAQ

Q1. Why are there no questions in this FAQ?

A1. Because nobody has asked one yet.

(Translator's note: the original document ends here.)

13. In Practice

13.1. Running virtfs

When you run it you are asked:

     Enter the domain name: domain.com
     Enter leading dir: (Enter for default: /virtual):

Enter each value. In the example above, the following directories are created and the appropriate files are copied into each of them.

     /virtual/domain.com/
        |- bin
        |- dev
        |- etc
        |- home
        |- lib
        |- proc
        |- sbin
        |- tmp
        |- usr
        |- var
            \-log

13.2. Other Errors

13.2.1. /var/log/syslog:

     Dec 22 23:28:46 kaien virtuald[298]: Virtuald Starting: $Revision: 1.2 $
     Dec 22 23:28:46 kaien virtuald[298]: getipaddr: getsockname failed: Socket opera
     Dec 22 23:28:46 kaien virtuald[298]: getipaddr failed

======> IP aliasing is not configured.

     Dec 23 00:30:26 kaien virtuald[1132]: Virtuald Starting: $Revision: 1.2 $
     Dec 23 00:30:26 kaien virtuald[1132]: Incoming ip: 192.168.1.1
     Dec 23 00:30:26 kaien virtuald[1132]: iptodir: fopen failed: No such file or dir
     Dec 23 00:30:26 kaien virtuald[1132]: iptodir failed

======> The conf file named in /etc/inetd.conf does not exist.

13.2.2. FTP

With ftp you can log in as a user set up in /virtual/etc/passwd. Example:

     Connected to 192.168.1.4.       <=== IP-alias address
     220 kaien FTP server (Version wu-2.4(1) Tue Dec 5 20:51:15 CST 1995) ready.
     Name (192.168.1.4:apple):
     331 Password required for hogehoge
     230-No directory! Logging in with home=/
          ===> This is because /virtual/home/hogehoge has not been created yet.
     230 User hogehoge logged in.
     Remote system type is UNIX.
     Using binary mode to transfer files.
     ftp>
     221 Goodbye.

13.2.3. Mail

13.2.4. Web

[Translation: Isaji (isaji@mxu.meshnet.or.jp)
 Proofreading: Fujiwara (fujiwara@cim.pe.u-tokyo.ac.jp)]
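
The hard-link requirement from the Syslog section (6.2) can be audited from the host. The following is an added example, not part of the original HOWTO; the function name check_devlog and its status words are made up for illustration. It flags symbolic links separately, because a symlink to /virtual/log resolves on the host but dangles inside the chroot.

```shell
#!/bin/sh
# Added example: verify that each virtual root's dev/log is a HARD link
# to the master syslog FIFO, as section 6.2 requires.
#
# check_devlog BASE MASTER
#   BASE   - directory holding the virtual roots (the HOWTO uses /virtual)
#   MASTER - the FIFO syslogd listens on (the HOWTO uses /virtual/log)
# Prints one status line per virtual root and returns 0 only if all are OK.
check_devlog() {
    base=$1
    master=$2
    bad=0
    for root in "$base"/*; do
        # same filtering as the HOWTO's init scripts
        [ -d "$root" ] || continue
        [ "$root" = "$base/lost+found" ] && continue
        log=$root/dev/log
        if [ -L "$log" ]; then
            # Must be tested first: seen from the host a symlink may
            # resolve to the master, but after chroot() its target path
            # does not exist, so logging silently fails.
            echo "SYMLINK $root"
            bad=1
        elif [ ! -e "$log" ]; then
            echo "MISSING $root"
            bad=1
        elif [ "$log" -ef "$master" ]; then
            # same device and inode: a genuine hard link
            echo "OK $root"
        else
            # a copy, or a root on another partition (hard links cannot
            # cross filesystems; 6.2 says to run a separate syslog there)
            echo "DIFFERENT $root"
            bad=1
        fi
    done
    return $bad
}

# Stand-alone use: sh check_devlog.sh /virtual /virtual/log
if [ "$#" -ge 2 ]; then
    check_devlog "$1" "$2"
fi
```

Any line other than OK means that environment's daemons are not reaching syslog, so failures inside it leave no trace in the central log.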