On Tue, Apr 3, 2012 at 5:07 PM, Nicholas MIller <nick.kyky@gmail.com> wrote:
> On Apr 3, 2012 3:59 PM, "Kaiting Chen" <kaitocracy@gmail.com> wrote:
>> On Tue, Apr 3, 2012 at 4:56 PM, Nicholas MIller <nick.kyky@gmail.com> wrote:
>>> Hello,
>>>
>>> I currently host my personal webpage from a virtual machine at my house. I am looking to add a mailserver as well as an irc server. However, I don't know if I should be using a separate vmachine for each service. I am more concerned about security than resource use. However, the publicly reachable IP I have is through an external vpn provider (I believe it is strong vpn). Any ideas or suggestions would be appreciated.
>>
>> There's really no reason you need another VM for each of those services. Make sure you have proper privilege separation and you should be fine.
>>
>> --Kaiting.
>>
>> --
>> Kiwis and Limes: http://kaitocracy.blogspot.com/
>
> Please correct me if I'm wrong, but running each service as its own user without access to anything it doesn't need is what you mean? And this might be a stupid ? but do you agree with your statement still if I need to use nfs reachable outside my home network?

Yeah, run each service as an unprivileged user and you should be fine. If security is very critical then run something like SELinux or a similar RBAC system. If you're doing NFS over the internet the best method is to use Kerberos + GSSAPI for authentication and IPsec to secure the channel.

--Kaiting.

--
Kiwis and Limes: http://kaitocracy.blogspot.com/
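
The advice in this thread (each service under its own unprivileged user) can be checked from a process listing. The following is an added example, not part of the original messages: it assumes the Linux `ps -eo user,uid,pid,comm` layout, and the daemon names, UIDs and sample listing are constructed for illustration.

```python
from collections import defaultdict

# Assumed mapping of each service to its process names (adjust to your daemons).
SERVICES = {
    "web": {"nginx"},
    "mail": {"master", "qmgr", "smtpd"},
    "irc": {"ircd"},
}

# Constructed sample of `ps -eo user,uid,pid,comm` output, not real data.
SAMPLE_PS = """\
USER      UID   PID COMMAND
root        0   812 nginx
www        80   813 nginx
root        0   901 master
postfix   125   905 qmgr
www        80  1002 ircd
"""

def service_uids(ps_text, services=SERVICES):
    """Return {service: set of UIDs its processes run as}."""
    uids = defaultdict(set)
    for line in ps_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        uid, comm = int(fields[1]), fields[3]
        for name, comms in services.items():
            if comm in comms:
                uids[name].add(uid)
    return dict(uids)

def audit(ps_text, services=SERVICES):
    """Return sorted findings about missing privilege separation."""
    uids = service_uids(ps_text, services)
    findings = []
    owners = defaultdict(list)
    for name, ids in uids.items():
        # A root parent plus unprivileged workers is the usual pattern for
        # binding low ports; only-root means privileges were never dropped.
        if ids == {0}:
            findings.append(f"{name}: runs only as root")
        for uid in ids - {0}:
            owners[uid].append(name)
    for uid, names in owners.items():
        if len(names) > 1:  # one compromise would reach every sharer's files
            findings.append(f"uid {uid} shared by {', '.join(sorted(names))}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_PS):
        print(finding)
```

In the constructed listing the IRC daemon runs as the web server's user, so the audit reports the shared UID even though neither service runs as root.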