colo Apprentice
Joined: 21 Mar 2004 Posts: 160 Location: Austria
Posted: Thu Sep 09, 2004 6:41 pm Post subject: Setting up a secure, multi-client&-purpose exposed serve
...on the net.
That's what I want to do
I recently rented a server at a German dedicated hosting company, and now want to provide some mates of mine with certain services. What I want to realize is basically the same thing big hosting companies have to offer, with just that little bit extra we all are longing for...
I succeeded in installing Gentoo on the system; at the moment I've been running a 2.6.7 kernel for about 20 days without any problems until today. However, there are some questions I need answered before finally going "productive".
At the moment, the server is set up with apache2 (w/ php4 support compiled in and working), mysql and vsftpd. As it will not host thousands of users, and is reachable via just one single domain name, I don't need any virtual hosting capabilities - what I'd like to have is a system tailored around Unix login names. That's basically working for vsftpd and apache: the ~/public_html/ directory is reachable via http://hostname/~username/, and vsftpd correctly chroots users to their home directories. What's still in its planning phase is email support - I'd like each user on the server to have an email account of his own, but the only thing I know up to today is that I want SSL-encrypted authentication and IMAP4 - no POP3 support at all. Are there any comprehensive guides you could recommend to me? The _virtual_ mail hosting guide of the Gentoo Handbook Section does not really fit my needs, and besides is written badly in many respects imo.
There's another issue concerning me, too... User-created files and directories are the property of the user writing them, and the group they belong to is "users" (that's the initial group of each user on the machine). Apache runs in the context of "apache:apache", so if it reads files contained in ~/ of some user, the access rights for "others" kick in. Is there any way to make Apache adhere to the rights of the "users" group instead, without leaving its own group, "apache"? It also startles me that user A is able to write to files from user B, if user A just wants Apache to be granted access in write mode... I just could not figure out how to prevent this from happening...
In general, I'd like to tighten my server's security up a bit... If you could provide me with any information helping me with that, I'd gladly and thankfully appreciate it.
Thanks in advance for input of any useful kind,
- colo _________________ Free Software. Free Society. Better Lives.
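Added example, not part of colo's post: a small Python model of the classic Unix owner/group/other check, applied to the setup described above (files owned by user:users, Apache running as apache:apache). The account names, uids and gids are constructed for illustration, and root, ACLs and directory permissions are left out.

```python
import stat

# Constructed accounts (assumed names and ids, not taken from the server).
USERS_GID, APACHE_GID = 100, 81
ACCOUNTS = {
    "userA":  {"uid": 1001, "gids": {USERS_GID}},
    "userB":  {"uid": 1002, "gids": {USERS_GID}},
    "apache": {"uid": 81,   "gids": {APACHE_GID}},
}

BITS = {
    "owner": {"r": stat.S_IRUSR, "w": stat.S_IWUSR},
    "group": {"r": stat.S_IRGRP, "w": stat.S_IWGRP},
    "other": {"r": stat.S_IROTH, "w": stat.S_IWOTH},
}

def permission_class(account, file_uid, file_gid):
    """Exactly one class applies: owner first, then group, then other."""
    if account["uid"] == file_uid:
        return "owner"
    if file_gid in account["gids"]:
        return "group"
    return "other"

def may(account, file_uid, file_gid, mode, want):
    """True if the single class selected for this account grants 'r' or 'w'."""
    cls = permission_class(account, file_uid, file_gid)
    return bool(mode & BITS[cls][want])

def writers(file_uid, file_gid, mode):
    """Names of all modelled accounts that can write the file."""
    return sorted(name for name, acct in ACCOUNTS.items()
                  if may(acct, file_uid, file_gid, mode, "w"))

def report(mode):
    """Summarise access to a file owned by userB:users with the given mode."""
    owner_uid = ACCOUNTS["userB"]["uid"]
    return {
        "mode": oct(mode),
        "apache_class": permission_class(ACCOUNTS["apache"], owner_uid, USERS_GID),
        "apache_reads": may(ACCOUNTS["apache"], owner_uid, USERS_GID, mode, "r"),
        "writers": writers(owner_uid, USERS_GID, mode),
    }

if __name__ == "__main__":
    # 0640: Apache locked out; 0644: Apache reads via "other";
    # 0666: Apache can write, and so can every other account.
    for mode in (0o640, 0o644, 0o666):
        print(report(mode))
```

Because Apache is neither the owner nor a member of "users", only the "other" bits decide what it can do, which is why opening a file for writing by Apache through those bits opens it to every local account as well.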