similar to: Apache security , Was: Running Apache sites as separate users

I had a recent request to improve security on my web servers by having each website use a different user to run the hosting service. So example1.comhas it's own Apache instance running as apache1 and then example2.com has its own instance of Apache as apache2. Is this even possible or realistic? I understand the idea of how that would be secure, much like creating a virtual machine to

I'm setting up a chroot environment on a shared web server to allow users to modify their web roots within a secure chroot, but am having a problem. Right now when I log in with test accounts I get this... Last login: Thu Jul 14 09:04:14 2011 from .... id: cannot find name for group ID 507 id: cannot find name for user ID 506 [I have no name!@webserver ~]$ I've verified that the UID /

I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my

I have decided to migrate my latest KVM server to CentOS 6.0 and am beginning to get a little frustrated with some issues that worked perfectly in 5.6. Right now I've given up on getting virbr0 and NAT to work, but now I need networking bridging to work, but nothing seems to fix the issue. I have not had much experience with troubleshooting KVM so could really use some pointers on resolving

Hello, I am trying to execute virsh commands on a host but it is giving errors due to failure in acquiring lock. root at kvm01:~# virsh suspend blindone error: Failed to suspend domain blindone error: Timed out during operation: cannot acquire state change lock Any suggestions how can we figure out possible reasons. -- Jatin -------------- next part -------------- An HTML attachment was

I recently began getting periodic emails from SEalert that SELinux is preventing /usr/libexec/qemu-kvm "getattr" access from the directory I store all my virtual machines for KVM. All VMs are stored under /vmstore , which is it's own mount point, and every file and folder under /vmstore currently has the correct context that was set by doing the following: semanage fcontext -a -t

hi there, I'm following these documentations to add a file-based disk volume to a KVM guest under Centos 6.0 : http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/chap-Virtualization-Storage_Volumes.html as instructed, I created a "pool" then a "volume", file-based, e.g : mkdir /mnt/raid/kvm_pool1 virsh # pool-define-as pool1 dir - - - -

System: CentOS Linux release 6.0 (final) Kernel: 2.6.32-71.23.1.el6.x86_64 KVM: QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2) Libvirt: ibvirtd (libvirt) 0.8.1 Hi everyone, I only recently subscribed to this list and hope you can shed some light on the following error. I created a VM on my Centos 6 KVM machine, used a qcow2 image and wanted to create a snapshot via 'virsh

Hi Everyone, I downloaded the CentOS 6 x86_64 DVD ISOs and burned the first image to a rewritable DVD. When I tried to boot my new home server off it, it didn't, and then this was printed to the screen: ETCDisolinux: Found something at drive = EF No DEFAULT or UI configuration directive found! boot: The same disc works fine in my 4 year old HP laptop, and when installing CentOS 6 as a KVM.

I'm setting up a shared web server running Apache. Each web root will belong to a department, which has a corresponding Active Directory group to give access. So far I've got samba working and such, but am having some trouble wrapping my head around the necessary permissions to make all this work, especially securely. So far I've found that both the POSIX and the ACL permissions

I'm trying to install a gem named Fabulator on CentOS 6 CR x86_64. It's failing on libxslt-ruby. This is the error I get when trying the gem manually... ------------------------------ # gem install libxslt-ruby --no-rdoc --no-ri Building native extensions. This could take a while... ERROR: Error installing libxslt-ruby: ERROR: Failed to build gem native extension.

Over the years many shops have come to start running puppet via cron to address memory leaks in earlier versions of Ruby, but the official position was that puppet was meant to be run as a continually running service. I am wondering if the official position has changed. On one hand many if not all of the early Ruby issues have been fixed, on the other, the addition of mcollective into the mix as

Tried my first CentOS 6 install on a system currently running 5.6. My attempt was not an upgrade, but a full re-format. I have verified the checksums of the ISO and did the pre-install disk verify and everything checked out. However after the screen for setting up the bootloader I get the following error "Unable to read group information from repositories. This is a problem with the

I have an oVirt engine node that currently runs the system on a qcow2 based virtual disk, and an NFS export volume on RAW. I'd like to take a snapshot before a somewhat risky upgrade of oVirt and can't with the raw image attached. Looking at the documentation for the snapshot XML, I created this XML file for the snapshot <domainsnapshot> <name>20120802</name>

Folks, I've build a tiny repo to provide GIMP 2.3.15 (and 2.3.14 as a possible fallback) for EL5. GIMP 2.3.15 is the last version of GIMP that builds with no errors with the GTK+ version that ships with EL. 2.3.15 is "almost GIMP 2.4", as 2.3.19 was the last development release prior to 2.4.0. To the extent of my knowledge, Akkana Peck wrote the first edition of her book on GIMP

I could use some help with clarification on the use of the libvirtd daemon with regards to managing remote KVM instances. Right now I have a CentOS 6 KVM server (libvirt-0.8.1), but would like to use some management applications that require higher version (0.8.8). First, is it possible to run the libvirtd daemon from within a VM, or does it require active kvm kernel module? Secondly, could a

I have a file resource defined to be owned by a group that is accessible via samba/winbind (AD based group), but every time Puppet runs automatically (every 30 min) the run fails with this error , (sensitive information removed) (/Stage[main]//Node[node1.tld]/Apache::Vhost[vhost1]/File[/var/www/ vhost1/html]) Could not evaluate: Could not find group org-www at /etc/

I am finding that the puppetlabs-apache module is somehow adding 30-60 seconds onto a host''s catalog compile time when the puppetmaster has no other hosts contacting or generating catalogs. The Puppetmaster is setup to use Puppet-2.7.18 - Apache & Passenger. RIght now only 2 hosts are even configured to use this new PM, the PM itself and a Foreman host. With neither hosts

I''ve begun using Hiera in combination with Foreman, primarily storing data that is best left in Array/Hash form. I''d like to be able to have a module, in this case BackupPC, query all the Hiera data for each node where the backup directories/databases are stored. Then use all that information on the BackupPC server to generate proper configuration files for each

Does anyone have some examples of using this create_resources function, https://github.com/puppetlabs/puppetlabs-create_resources, ? Based on the README example I can''t figure out exactly how to change from using defines to using this function. Maybe I misunderstand the purpose of create_resources...is it to replace defines, or is it to allow ENCs (for example) to use a define? Below