-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, Aug 09, 2006 at 02:24:36PM -0400, Jim Perrin wrote:
It is a bit more problematic than that. You are not only adding stuff, but you are also replacing (exim, apache) a part of the system.
True, and slightly more accurate. I would assume that one who has a mastery of both centos and CPanel would by default understand such things, but it may need to be set.
Aiming for mastery of both CentOS and cPanel is like mastering sendmail.cf rule writing: difficult, impressive but definitively not a worthy goal.
My point is simply, once you are using cPanel, you really have to trust them to provide you with everything. Even minor changes on the software installed by cPanel will make parts of it stop working. So you have to keep your customizations to what you can do using the web interface, unless you are completely crazy (and if you mastered sendmail.cf rule writing, you definitively are).
If you are using cPanel, forget ACLs and SELinux. You can try to do something using the stock kernel + grsecurity patches, and maybe even install mod_security, but you really can't aim higher than that.
Also, take a look at POSIX ACLs. They are a bit more complex to use than unix permissions, but much more flexible.
ACK! Dammit I did leave out extended ACLs... good catch. They're quite nice also, although they make backups interesting because tar eats them. Star is your friend in those circumstances.
I really hate using tar for backups, even tho sometimes we are forces to use it. I try to use "dump" as much as possible, since it will (should?) get all the fs metadata correctly. When migrating servers, I usually add a nice dd of the filesystem, having a image I can mount whenever I want, just for an extra kick.
It is really unfortunately that ACLs are not supported by many utilities, with special proeminence to tar. I don't think cpio can handle it either.
[]s
- -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)