Hi,
I'd like to manage all my web user site ( LAMP base configuration) in a secure way with vserver. One context per user/site could be usefull to limit damage in case of intrusion. How to compartmentilize , without overburden and complicated configuration ?
Hmm, the overhead of unified vServer is mininal but running an own apache instance per customer is only a good idea if your "customers" are large enough...
I use a very handy setup for a similar purpose - I have one installation for my apache/proftp combo, that is read-only and "replicated" by symlinks to the appropriate vserver directories. Than, within the individual vserver start-script, I map a writabel partition (one fpr each server) over all path (/var, /etc/apache2, /etc/proftpd, /webroot) that differ between the servers.
This setup is runnig fine now for half a year, upgrading is an ease, as I just do a copy of the running root system, upgrade it, fire up a test server with the new root and - if successfull - migrate the other guests by shuting them down, moving the symlink and starting up again. The average downtime is around 30 secs (depends on how fast you can shutdown your apache)
HTH Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
