|
Roberto Sanchez
roberto at familiasanchez.net
Thu Dec 15 22:02:58 EST 2005
Jorey Bump wrote: > > Well, in my case, I split mail and web onto different machines. On the > web machine(s), each virtual host gets a dedicated user with home > directory in /var/www/hosts. On the mail machine(s), accounts are > assigned to people as needed. By default, nobody gets a shell (but I'll > make a rare exception for some web users). > > This separation is more secure and much easier to manage. Users are free > to hire developers or transfer domains without putting email accounts at > risk. The servers are more specialized, so the number of exposed > services is reduced. > > If you're limited to one machine, it's still a good idea to separate > your mail users from your web users. That makes sense. So then, you could have user foo-web and foo-mail if you were confined to accounts on one machine. I like the two machine approach, but that is not feasible for me at the moment. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto
|