[arch-general] how many virtual machines

Kaiting Chen kaitocracy at gmail.com
Tue Apr 3 18:10:12 EDT 2012


On Tue, Apr 3, 2012 at 5:07 PM, Nicholas MIller <nick.kyky at gmail.com> wrote:

> On Apr 3, 2012 3:59 PM, "Kaiting Chen" <kaitocracy at gmail.com> wrote:
> >
> > On Tue, Apr 3, 2012 at 4:56 PM, Nicholas MIller <nick.kyky at gmail.com> wrote:
> >
> > > Hello,
> > >
> > > I currently host my personal webpage from a virtual machine at my
> > > house.  I am looking to add a mailserver as well as an irc server.
> > > However, I don't know if I should be using a separate vmachine for
> > > each service.  I am more concerned about security than resource use.
> > > However, the publicly reachable IP I have is through an external vpn
> > > provider (I believe it is strong vpn).  Any ideas or suggestions
> > > would be appreciated.
> > >
> >
> > There's really no reason you need another VM for each of those services.
> > Make sure you have proper privilege separation and you should be fine.
> > --Kaiting.
> >
> > --
> > Kiwis and Limes: http://kaitocracy.blogspot.com/
>
> Please correct me if I'm wrong, but running each service as its own user
> without access to anything it doesn't need is what you mean?  And this
> might be a stupid question, but do you still agree with your statement if
> I need to use nfs reachable outside my home network?
>

Yeah, run each service as an unprivileged user and you should be fine. If
security is very critical then run something like SELinux or a similar RBAC
system.

If you're doing NFS over the internet the best method is to use Kerberos +
GSSAPI for authentication and IPsec to secure the channel. --Kaiting.

-- 
Kiwis and Limes: http://kaitocracy.blogspot.com/
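
Added example, not part of the original thread: a small check that each service account named on the command line exists, is not root, and does not share a UID with any other account, reading passwd(5)-format lines on stdin. The account names `http`, `mail` and `ircd`, the sample data, and the extra "no login shell" check are assumptions made for illustration; the thread itself only asks for one unprivileged user per service.

```shell
#!/bin/sh
# Added example (not from the thread): check passwd(5)-format lines on stdin
# for the service accounts named as arguments.

audit_service_accounts() {
    awk -F: -v wanted="$*" '
        BEGIN { n = split(wanted, names, " ") }
        {   # remember every account so UID sharing with any user is caught
            uid[$1] = $3; shell[$1] = $7
            count[$3]++; users[$3] = users[$3] " " $1
        }
        END {
            for (i = 1; i <= n; i++) {
                a = names[i]
                if (!(a in uid)) { print "FAIL " a ": no such account"; continue }
                if (uid[a] + 0 == 0)
                    print "FAIL " a ": uid 0 (runs as root)"
                if (count[uid[a]] > 1)
                    print "FAIL " a ": uid " uid[a] " shared by" users[uid[a]]
                # Assumption: service accounts should have no interactive shell
                if (shell[a] !~ /\/(nologin|false)$/)
                    print "FAIL " a ": login shell " shell[a]
            }
        }'
}

# Constructed sample data, not taken from any real host.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
http:x:33:33:http:/srv/http:/usr/bin/nologin
mail:x:8:12:mail:/var/spool/mail:/bin/bash
ircd:x:33:33:ircd:/var/empty:/usr/bin/nologin
EOF
}

sample_passwd | audit_service_accounts http mail ircd
```

On a real host the input would come from `getent passwd` instead of `sample_passwd`; no output means every named account passed.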

