[Techtalk] Using Debian Testing (Sarge) on production servers
Rasjid Wilcox
rasjidw at openminddev.net
Sat Mar 6 17:58:49 EST 2004
On Saturday 06 March 2004 14:35, Mary wrote:
> In other words, unstable gets security updates earlier than testing
> because unstable is where new versions packages go first.
Thus the advice I was given.
Perhaps I should give a bit more info about what I'm doing.
I have been following the 'Postfix-Cyrus-Web-cyradm-HOWTO' and have been
adapting it to work with Debian Sarge.
Services that would be available to the outside world would be limited to:
SMTP - Postfix
IMAP, POP3 (both only over SSL) - Cyrus
HTTP/HTTPS - Apache 1.3
There will be no local users, all users are 'virtual' and only exist in a
MySQL database.
Postfix can be run chrooted. In fact, given all the users are 'virtual', I'm
not sure that any of the Postfix componets that run as root are used.
I think that the saslauthd daemon is the only process involved in the mail
process that needs to run as root.
My biggest concern is actually Apache and PHP. Can anyone explain why there
is always one apache process running as root, while the rest run as
'www-data'?
My other option is to go with Mandrake or Slackware, or build my own SuSE
user-mode-linux image. My main critera is that I have reasonably up-to-date
packages and easy to get and install security updates that don't cost the
earth (like RHEL). I have no experience with Slackware (and minimal with
Mandrake) and so don't know how security updates are delt with with these
distros. I use currently use SuSE and home and would consider it, but due to
the Yast2 license restriction, Linode.com does not provide that as a
pre-installed option.
Cheers,
Rasjid.
--
Rasjid Wilcox
Canberra, Australia (UTC +11 hrs)
http://www.openminddev.net
More information about the Techtalk
mailing list