LVE Wrappers
LVE wrappers are the set of tools that allow system administrator to run various users, programs & daemons within Lightweight Virtual Environment. This allows system administrator to have control over system resources such program can have. Additionally it prevents misbehaving programs running within LVE to drain system resources and slow down or take down the whole system. The tools are provided by lve-wrappers RPM.
Placing programs inside LVE
LVE Wrappers provide two tools for placing programs inside LVE: lve_wrapper and lve_suwrapper
LVE_WRAPPER
/bin/lve_wrapper – can be used by any non-root user, as long as that user is in group lve (see /etc/groups file).Syntax:
lve_wrapper <command_to_run>
Example:
$ lve_wrapper make installThe program will be executed within LVE with ID matching user's id.
LVE_SUWRAPPER
/bin/lve_suwrapper – can be used by root user or any user in group lve (see /etc/groupsfile) to execute command within specified LVESyntax:
lve_suwrapper LVE_ID <command_to_run>
Example:
# lve_suwrapper 10000 /etc/init.d/postgresql start
Placing Users inside LVE
Deprecated. See PAM LVE instead
LVE Wrappers provide set of shell wrappers, then wrap popular shells in LVE. This programs can be used in password file, so that each user connected via SSH would be running within LVE. Following shell wrappers are provided:
/bin/lve_bash – bash wrapper
/bin/lve_ksh – ksh wrapper
/bin/lve_pdksh – pdksh wrapper
/bin/lve_tcsh – tcsh wrapper
/bin/lve_zsh – zsh wrapper
/bin/lve_ksh – ksh wrapper
/bin/lve_pdksh – pdksh wrapper
/bin/lve_tcsh – tcsh wrapper
/bin/lve_zsh – zsh wrapper
Placing this wrappers as shell in /etc/password file will make sure that user will get corresponding shell running inside their LVE. LVE Id for the user will match user id.