Ache4bits

From time to time, I need to provide access to my local Linux servers to certain users to share data. Although these users are trustworthy enough to access my local server and the access is temporary, I prefer to isolate them. This isolation was traditionally achieved using chroot, but chroot has several drawbacks: You need to manually copy all the software and dependencies into the chroot environment. Keeping them updated to avoid security issues requires additional effort. Twenty years ago, in one of my customers we were running a chrooted Postfix installation managing more than 100.000 users on Red Hat Enterprise Linux 5.x. At the same time, we also had chrooted Bind and NTP services running on Debian. One day, after upgrading the RHEL 5.x server where Postfix was running, we noticed that Postfix had stopped sending emails, and its queue was growing rapidly. After some investigation, we realized that while we had upgraded the RHEL 5.x server, we had forgotten to update the chroot en...