Lot of questions here and I'm not quite certain where to put them all, so I'll just file it under Networking and hope for the best.
I'm rebuilding my home server with a set of ports that I use quite frequently. This is an "always on" machine that serves these roles:
I have just two user accounts for login, which would be my own, and root. Installing the ports is going well, and I've had no issues, up until I got to NFS and rsync when I started to get some concerns about security and best-practices. For example, www/lighttpd automagically creates a www user and a document-root under /var/www, databases/mysql-server does the same (mysql, and /var/db/mysql).
I don't have a user for nfsd. I use NFS primarily to just dump files off my desktop when I need space - sort of a NAS. Is it wise to create a user for nfsd, or re-use an existing one, or...? What should I use for the user ID? Where is a good place to put the NFS exported folder?
I don't have a user for rsync, either. It defaults to using "nobody", but that needs to own a folder somewhere too. Should I make an rsync user? Can I reuse the NFS user? Should I put the rsync folder inside my nfs/ folder? Should my rsync folder *be* the nfs/ folder too?
What about all these other users in the /etc/passwd file... can I remove a bunch of them?
I hope I'm making some sense with my questions : ) I know I can do pretty much whatever I want and put the folders all over the place. But I'm not sure if there is a "best" place to put them, or a recommended way to run them with safe permissions.
I'm rebuilding my home server with a set of ports that I use quite frequently. This is an "always on" machine that serves these roles:
- Web Server
- MySQL database (supports the Web server, localhost access only)
- Login server (SSH)
- Version Control for personal projects
- NFS server
- rsync remote-backup host
- ...and a pf firewall to separate between local- and remote- accesses.
I have just two user accounts for login, which would be my own, and root. Installing the ports is going well, and I've had no issues, up until I got to NFS and rsync when I started to get some concerns about security and best-practices. For example, www/lighttpd automagically creates a www user and a document-root under /var/www, databases/mysql-server does the same (mysql, and /var/db/mysql).
I don't have a user for nfsd. I use NFS primarily to just dump files off my desktop when I need space - sort of a NAS. Is it wise to create a user for nfsd, or re-use an existing one, or...? What should I use for the user ID? Where is a good place to put the NFS exported folder?
I don't have a user for rsync, either. It defaults to using "nobody", but that needs to own a folder somewhere too. Should I make an rsync user? Can I reuse the NFS user? Should I put the rsync folder inside my nfs/ folder? Should my rsync folder *be* the nfs/ folder too?
What about all these other users in the /etc/passwd file... can I remove a bunch of them?
I hope I'm making some sense with my questions : ) I know I can do pretty much whatever I want and put the folders all over the place. But I'm not sure if there is a "best" place to put them, or a recommended way to run them with safe permissions.
