similar to: multi user environment & concept of access/authorization levels

I don?t want to allow public network facing servers to be able to reach passwords database. And I want to segregate roles of the servers. If I will setup dovecot locally I will still have to provide it access to database (eg. /etc/dovecot/dovecot-sql.conf.ext). On 27 Mar 2015, at 15:49, Benny Pedersen <me at junc.eu> wrote: > Edgaras Luko?evi?ius skrev den 2015-03-27 14:34: >>

I had a recent request to improve security on my web servers by having each website use a different user to run the hosting service. So example1.comhas it's own Apache instance running as apache1 and then example2.com has its own instance of Apache as apache2. Is this even possible or realistic? I understand the idea of how that would be secure, much like creating a virtual machine to

On Sat, May 30, 2015 at 10:38 AM, Phil Pennock <phil.pennock at globnix.org> wrote: > On 2015-05-30 at 15:00 +0200, Kasper Dupont wrote: >> On my laptop I have key1 and key2. I can use key1 to log in >> on server1, and I can use key2 to log in on server2. I want >> neither key to leave the laptop, and only key2 is allowed >> to be forwarded to other hosts. >

Hi, I need to support port ranges in tc filter rules. I know how to formulate the rule but , I am not able to understand how to calculate the mask value for a perticular range so as to segregate the port values that lie within this range . I got the following sample "tc filter add dev eth1 parent 1:1 protocol ip prio 10 u32 match ip sport 0x1ae0 0x1ff0 flowid 1:10 This rule will match all

Hello, Dirk (and everybody): I have Ubuntu on some systems and I notice there's a very nice thing you do with your R packages. The system is setup so that packages installed from deb go into /usr/lib/R, while packages built from scratch by root go into /usr/local/.., and if the user runs install.packages(), then it gets dumped into the user's own account. I'm much more familiar with

Pete Biggs wrote: > >> MAC addresses could be faked. >> >>> The PXE protocol, as far as I can see, has no concept of authorisation >>> - although its certainly possible to introduce it after PXE has done >>> its bit (but before imaging or whatever). >>> >>> You may be better off with authenticating the DHCP using RADIUS, but >>>

StatusBar.i -- Adds a typemap to return a wxRect structure. You''ll really want to go over this to make sure it''s correct. I don''t have a sample but it did make part of one of the bigdemo samples work a little better. If you want to put this on the back-burner until we have a chance to test it more fully I''d understand completely. One of the things

I''ve moved the remaining HTML files (including those that Mike and Paul are working on) to a new project named Shorewall-Website. This will segregate the Docbook documentation from the Website-only HTML files. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Being a fan of IPtables and dreading the eventual transition to Centos 7, I wondered if in C7's firewalld an interface can be assigned to a single zone or to multiple zones such as 'private' and 'trusted'. For example interface em1 having both trusted and public zones assigned to it. If multiple zones per interface are permitted presumably one can segregate traffic by IP range

On 02/02/2015 08:52 PM, Jatin Davey wrote: > So , You dont think that any configuration changes like increasing the > number of volumes or anything else will help in reducing the I/O wait > time ? No, because that won't change the number of heads that are present to service the IO requests, nor to segregate requests effectively. Your primary goals should be to reduce IO

Hi, this is partly Postfix related, but I want to know if there could be way to distinguish port of the SASL AUTH request to segregate user services. Currently I use unix listener for dovecot sasl auth, but could change to inet_listener. Only way I can think is to have different SASL AUTH services for each master.cf entry where its needed. But is it possible for Dovecot to have more than

I think it may make sense to segregate the libcxx lit tests that expect a task to be completed in a particular threshold. Either they should move to the llvm test-suite or they should be under a feature guard that omits them from the default test target. These tests are sensitive to the load and/or capability of the target on which they're tested. I appreciate that it's likely

I''m looking for an easy way to have mongrel only serve dynamic railscontent, while letting Apache serve non-Rails content. Unfortunately,it seems that you have to segregate the static content in its ownfolder. That was also the case with the SCGI runner. I used thetrick outlined athttp://comments.gmane.org/gmane.comp.lang.ruby.rails/23347 to managethis. I was curious if a similar

I am using R 1.3.0 on Windows 2000. For an experiment, I am wanting to find the most diverse 400 items to study in a possible 3200 items. Diversity here is based on a few hundred attributes. For this, I would like to do a clustering analysis and find 400 clusters (i.e. different from each other in some way hopefully). From each of these 400 clusters, I will pick a representative. I expect

On Tue, 2014-09-02 at 16:11 -0700, Andy Lutomirski wrote: > I don't think so. I would argue that it's a straight-up bug for QEMU > to expose a physically-addressed virtio-pci device to the guest behind > an emulated IOMMU. QEMU may already be doing that on ppc64, but it > isn't on x86_64 or arm (yet). Last I looked, it does on everything, it bypasses the DMA layer in

On Tue, 2014-09-02 at 16:11 -0700, Andy Lutomirski wrote: > I don't think so. I would argue that it's a straight-up bug for QEMU > to expose a physically-addressed virtio-pci device to the guest behind > an emulated IOMMU. QEMU may already be doing that on ppc64, but it > isn't on x86_64 or arm (yet). Last I looked, it does on everything, it bypasses the DMA layer in

Hello Everyone, I would like to have your thoughts on this. Overview of the problem =================== While implementing support for the DWARFv5 debug_macro section support in LLVM. I came across these holes: - The macros infrastructure in CLANG/LLVM is inherently tied to a particular version(v4 macinfo). For instance, consider this snippet from CLANG:

Hi Nico, I've understood about use export PYTHON=python3.4 in /etc/profile. The host that I've done it is in my test environment. I have only question about this: after samba 4.10.2 installed, it ever never need use python3 to do anything about samba? PS1: In my environment, the host run only Samba (samba and bind) service. I disagree about use python 3.6 instead python 3.4, though. In

> Date: Thu, 25 Dec 2014 07:07:52 +0000 > From: Luke Ledgerd <luke.ledgerd at niteco.se> > To: "syslinux at zytor.com" <syslinux at zytor.com> > Subject: [syslinux] Chain-loading from WDS to PXELinux on a different > tftp server > Message-ID: <17ba7ad419d54b6cab685c2cedc3de95 at NI-MAILEX.niteco.se> > Content-Type: text/plain;

Hi Guys, I have a few questions about 3.6 directory environments, which we're looking to adopt. Currently the most pressing surrounds the integration of r10k and hiera… I believe I want to store hieradata inside the r10k repos, so that each r10k repo (I'm planning on using these to segregate different internal product stacks so that product owners can put sensitive data in their own