Ignoring bandwidth issues, what are the issues?
I host about a dozen sites, not all my own, using AOLserver and the ACS.
The sites all share:
- the AOLserver binaries and modules
- the group they run under (web), but not the owner
- service from an nsvhr proxy master (could be squid)
- cgi bin
- qmail
Each site gets its own
- user id (user account)
- database user
- aolserver process instance (running as ${site}.web
- web root in /home/$site/openacs/www
- nsd.tcl configuration file (named $user.tcl) in /home/$site/openacs
- server log and access log in /home/openacs/log
Developers can access the machine via SSH, giving them sftp and nscp access.
Using SUDO, developers can start and stop their own server.
What's left:
- chrooting AOLserver - I never quite figured this one out
- using daemon tools instead of sudo
- making nsvhr smart enough to add/remove virtual hosts without requiring a restart
- installing n different versions of AOLserver, one per user, so that sites can run their own versions of AOLserver or their own modules (I don't think this requires different installations of AOLserver, but it seems a pretty cheap and easy way to do it.)
- separating cgi bins
What's really left? I haven't figured out how to make PG respect user ids, so that one user can't look at another user's PG instance. I can do this in Oracle, but when I think of running multiple Oracle ACS sites, I start thinking once more about one machine per site.
So what am I missing? Ignoring bandwidth and cpu/memory constraints, how can one user stomp on another?
