Hi,
> I'd like to manage all my web user site ( LAMP base configuration)
> in a secure way with vserver.
> One context per user/site could be usefull to limit damage in case of
> intrusion. How to compartmentilize , without overburden and complicated
> configuration ?
Hmm, the overhead of unified vServer is mininal but running an own
apache instance per customer is only a good idea if your "customers" are
large enough...
I use a very handy setup for a similar purpose - I have one installation
for my apache/proftp combo, that is read-only and "replicated" by
symlinks to the appropriate vserver directories.
Than, within the individual vserver start-script, I map a writabel
partition (one fpr each server) over all path (/var, /etc/apache2,
/etc/proftpd, /webroot) that differ between the servers.
This setup is runnig fine now for half a year, upgrading is an ease, as
I just do a copy of the running root system, upgrade it, fire up a test
server with the new root and - if successfull - migrate the other guests
by shuting them down, moving the symlink and starting up again. The
average downtime is around 30 secs (depends on how fast you can shutdown
your apache)
HTH
Oliver
-- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver