file/print/web server

Matthew Kuiken matt.kuiken at verizon.net
Sun Jun 18 02:38:20 UTC 2006


Hi all,

I have searched a little on the web, but I'm by no means done with my 
research.  I just wanted to ask this question here to get the general 
opinions of my approach.

I have an old Pentium 233MMX that I have been playing with Xubuntu on.  
I am really surprised and happy about how well Xubuntu works on it.  
Enough so that this has become a major hobby project.

I bought a 200 GB drive for it, and have it up and working.  I decided 
that I will use part of that drive as a backup for my laptop and 
portable USB hard drives.  I want this section of the drive to only be 
accessible over my home network.  In fact, I have no problem with the 
data on that partition not even being accessible to a person sitting at 
that machine's console.  I am thinking about using an encrypted file 
system for this purpose, and keeping the passwords/keys on my laptop.

Since Xubuntu is working so well on the machine, I thought it would be 
interesting to set up a web site, perhaps with something similar to a 
MoinMoin wiki in it.  I have an application in mind for this web site 
already, but realize that the bandwidth to this site will be really low 
because of my DSL.  It is not a project that I am going to update to 
business level service for.

My main question about this situation is security.  If I am going to 
make this machine available to the web, I want to make sure that if it 
gets 'owned' that my backup data is not at risk.  For this purpose, I am 
thinking of running the web server in a VM.  I know this'll be slow, but 
I think the Internet connection will still be the bottleneck.  I am 
wondering if someone 'owns' a VM, can they get access to files that are 
in the file system on the server that is hosting the VM?  It seems like 
the VM shouldn't be able to get access to files outside its configured 
file system area, but I do not really know how the VM works in this 
regard. 

I already have the machine set up so that I can access it through ssh on 
my home network.  I have not opened that up to the Internet, and am not 
certain I will, even though I have it set up to use RSA keys with my 
laptop, and have disabled password based login.  I am pretty sure that 
this is secure, as I followed the instructions here:

https://wiki.ubuntu.com/SSHHowto

Including the stuff here:

https://wiki.ubuntu.com/AdvancedOpenSSH

to ensure that I have locked out most places of entry.  I plan to 
continue to use vnc over ssh in order to do the main admin and 
configuration tasks for this machine.

So, the main questions of this whole long story are:
Is this a good way of going about this task, to secure my data, but at 
the same time create a hobby web server?
Should I just give this up, and just be happy that this thing works as a 
file/print server?
Is there an easier way of setting this thing up that still has enough 
security, but makes a decent web facing machine?
Are the files outside of a VM safe from anything inside the VM?  
(general curiosity here, above and beyond just this project.)
General comments?

Sorry for the long post, but I figured this one needed a good 
explanation of what I am trying to accomplish in order to produce the 
types of answers I'm looking for.

Thanks,
-Matt





More information about the ubuntu-users mailing list