[arch-general] how many virtual machines
kaitocracy at gmail.com
Tue Apr 3 18:10:12 EDT 2012
On Tue, Apr 3, 2012 at 5:07 PM, Nicholas MIller <nick.kyky at gmail.com> wrote:
> On Apr 3, 2012 3:59 PM, "Kaiting Chen" <kaitocracy at gmail.com> wrote:
> > On Tue, Apr 3, 2012 at 4:56 PM, Nicholas MIller <nick.kyky at gmail.com>
> > > hello
> > >
> > > I currently host my personal webpage from a virtual machine at my
> house. I
> > > am looking to add a mailserver as well as an irc server. however I
> > > know if I should be using a separate vmachine for each service. I am
> > > concerned about security than resource use. however the publicly
> > > IP I have is through an external vpn provider (i believe it is strong
> > > vpn). any ideas suggestions would be appreciated.
> > >
> > There's really no reason you need another VM for each of those services.
> > Make sure you have proper privilege separation and you should be fine.
> > --Kaiting.
> > --
> > Kiwis and Limes: http://kaitocracy.blogspot.com/
> please correct me if I'm wrong but running each service as it's own user
> without access to anything it doesn't need it's what you mean? and this
> might be a stupid ? but do you agree with your statement still if I need to
> use nfs reachable outside my home network
Yeah run each service as an unprivileged user and you should be fine. If
security is very critical than run something like SELinux or a similar RBAC
If you're doing NFS over the internet the best method is to use Kerberos +
GSSAPI for authentication and IPsec to secure the channel. --Kaiting.
Kiwis and Limes: http://kaitocracy.blogspot.com/
More information about the arch-general