This shows you the differences between two versions of the page.
manuals:vps:vpsadminos [2020/09/21 14:47] – [Debian/Ubuntu/Alpine] /etc/network/interfaces.{tail,head} Aither | manuals:vps:vpsadminos [2020/09/21 14:48] – dont mention userns Aither | ||
---|---|---|---|
Line 48: | Line 48: | ||
===== Changes in VPS behaviour ===== | ===== Changes in VPS behaviour ===== | ||
- | ==== User namespaces ==== | ||
- | VPS in vpsAdminOS are using so called //user namespaces// | ||
- | means that your system user and group IDs are mapped to different values on | ||
- | the host. For example, the root user in your VPS has UID 0, but from the | ||
- | host's point of view, its UID is e.g. 666000. Every member has been assigned a | ||
- | unique user namespace, which ensures that your data is isolated from other | ||
- | users. In case an attacker manages to leave the container, he will not be able | ||
- | to access data from VPS belonging to other members. | ||
- | |||
- | Every member is assigned a user namespace of 524288 user/group IDs. It means | ||
- | that you can use UID/GID from 0 to 524287. All VPS from one member are in the | ||
- | same user namespace. In the future, it will be possible to define custom | ||
- | UID/GID maps for VPS and NAS datasets, which will let each member to isolate | ||
- | his own VPS and yet share some chosen range of user/group IDs. | ||
==== General ==== | ==== General ==== |
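
Review bot: the deleted "User namespaces" subsection carries two facts a member needs that nothing in the visible remainder of "Changes in VPS behaviour" replaces: the usable UID/GID range ("from 0 to 524287") and the isolation boundary ("All VPS from one member are in the same user namespace"). The first matters to anyone running software that allocates high IDs, and the second tells members that the ID mapping separates them from other members but not their own VPS from each other. If both statements still hold, consider keeping a two-sentence note with just those points instead of removing the subsection whole, or linking to where they are documented. If they no longer hold, the edit summary "dont mention userns" should say so, since it currently gives no reason for the removal.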