[typo] Newbie Question 3: Secure Typo installation

Nick Rich nrich123 at mac.com
Tue Oct 30 08:16:34 EDT 2007


Sorry - more questions from ignorance!

I'm hosting a few typo blogs for fun. I have an ADSL line, a domain  
and a spare Mac OS X box.  I would like to ensure that I'm not  
opening up some nightmare security hole on my network.

- My db is Postgres which runs under an unprivileged user, u1.

- My typo install folders are owned by an unprivileged user, u2 ,   
which also runs my mongrel instances, which listen only on localhost  
defined ports.

- My apache install runs under an unprivileged user, u3, which  
proxies to the mongrel cluster.

- My firewall is closed to inbound traffic except for my apache port 80.

Does this sound like a sensible scheme? Any gapingly obvious holes?  
Anything else I should be doing? I'm completely *not* a sysadmin  
expert, so I probably can fool around enough to be very dangerous :-)

Many thanks,

Nick




More information about the Typo-list mailing list