h_jinx
11th April 2006, 02:20
Hi,
I recently purchased a dedicated server which runs Linux (not sure on the distro) which I have running a number of websites.
In the past I have only had to use cPanel and WHM to manage these, but recently there has been a requirement for an IRC server and Shoutcast server.
I am familiarish with Linux and was wondering the best *secure* way to set this up.
Can I create a user for each service with next to no permissions and run them under this user?
I got this advice from another forum:
chmod 755 sc_serv sc_trans*
chmod 644 sc_serv.conf sc_trans.conf
I myself made a user called shoutcast, with no home directory or login shell, then did this:
I placed the exes in /usr/local/bin, which is in the path (no duh), and have the configs in /etc
su shoutcast -c "sc_serv /etc/sc_serv.conf" >/dev/null 2>&1
su shoutcast -c "sc_trans_freebsd /etc/sc_trans.conf" >/dev/null 2>&1
Cool part is the shoutcast server (sc_serv) and transcoder sc_trans_freebsd run on the system as the shoutcast user, not root, so if there was a hack, well heck, there is no login shell to begin with in /etc/passwd for that user.
/etc/passwd (example only!!!!)
shoutcast:*:4000:4000:::0:Shoutcast sandbox:/bin/noshell:/bin/sh
You be the judge what works best for you.
This same setup was tested on RH 5.2, 6.0 back in the 'old days', Mandrake 10, FreeBSD 3.2 through FreeBSD 6.0-Release and so on.
Take care.
~ DK
I understand some of it but was wondering if someone could please explain a little further?
Many thanks.
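
Added example, not part of the original post or the advice quoted in it: a POSIX shell check for the passwd entry of a per-service account such as the shoutcast user described above. The function name, the finding labels and the sample entries other than the quoted shoutcast line are assumptions made for illustration; it reads the 7-field Linux /etc/passwd layout and the 10-field BSD master.passwd layout.

```shell
#!/bin/sh
# Audit one passwd-style entry for a service account (added example).
# Prints space-separated findings, or "ok" when nothing is flagged.
audit_service_account() {
    line=$1
    nfields=$(printf '%s\n' "$line" | awk -F: '{print NF}')
    case $nfields in
        7)  shell_f=7 ;;    # Linux /etc/passwd: name:pw:uid:gid:gecos:home:shell
        10) shell_f=10 ;;   # BSD master.passwd: ...:class:change:expire:gecos:home:shell
        *)  echo "bad-format"; return 0 ;;
    esac
    pw=$(printf '%s\n' "$line" | cut -d: -f2)
    uid=$(printf '%s\n' "$line" | cut -d: -f3)
    shell=$(printf '%s\n' "$line" | cut -d: -f"$shell_f")
    findings=""
    # UID 0 is root whatever the account is called.
    if [ "$uid" = "0" ]; then findings="$findings uid-zero"; fi
    # An empty password field means no password is required.
    if [ -z "$pw" ]; then findings="$findings empty-password"; fi
    # A service account should have a shell that refuses interactive logins.
    # An empty shell field falls back to the system default shell, so it is flagged too.
    case $shell in
        */nologin|*/false) ;;
        *) findings="$findings login-shell" ;;
    esac
    if [ -z "$findings" ]; then echo "ok"; else echo "${findings# }"; fi
}

# Constructed sample entries; the second is the example line quoted in the post.
while IFS= read -r entry; do
    printf '%s -> %s\n' "${entry%%:*}" "$(audit_service_account "$entry")"
done <<'EOF'
svc_ok:x:4000:4000:Shoutcast service:/nonexistent:/sbin/nologin
shoutcast:*:4000:4000:::0:Shoutcast sandbox:/bin/noshell:/bin/sh
radio::0:0:stream:/root:/bin/bash
EOF
```

On Linux, when the account's shell is nologin, root can still start the service with `su -s /bin/sh shoutcast -c "sc_serv /etc/sc_serv.conf"`, since `-s` overrides the shell for that one command.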