I recently purchased a dedicated server which runs linux (not sure on the distro) which I have running a number of websites.
In the past I have only had to use cPanel and WHM to manage these, but recently there has been a requirement for an IRC server and Shoutcast server.
I am familiarish with linux and was wondering the best *secure* way to set this up.
Can I create a user for each service with next to no permissions and run them under this user?
I got this advice from another forum:
chmod 755 sc_serv sc_trans*
chmod 644 sc_serv.conf sc_trans.conf
I myself made a user called shoutcast, with no home directory or login shell, then did this
I placed the exes in /usr/local/bin , which is in the path (no duh) and have the configs in /etc
su shoutcast -c sc_serv /etc/sc_serv.conf >/dev/null 2>&1
su shoutcast -c sc_trans_freebsd /etc/sc_trans.conf >/dev/null 2>&1
cool part is shoutcast server (sc_serv) and transcoder sc_trans_freebsd run on the system as shoutcast user, not root so if there was a hack, well heck there is not login shell to begin with in /etc/password for that user
/etc/passwd (example only!!!!)
You be the judge waht works best for you
This same setup was tested on RH 5.2, 6.0 back in the 'old days', Mandrake 10, FreeBsd 3.2 through FreeBSD 6.0-Release and so on.
I understand some of it but was wondering if someone could please explain a little further?