How to manage unprivileged administration of system services using Debian?
Posted by ypnos on Server Fault
Published on 2010-05-15T15:23:00Z
Indexed on 2010/05/15 15:24 UTC
At our lab, we have several services handled by different PhD students (like myself). Fluctuation is high and people do the job next to their research duties. Until now, services were running on different machines, with different OS setups that can result in administration hell quickly.
We want to consolidate our service setup. Our main idea is that the guys responsible for the services should not meddle with the underlying system anymore. Apart from core systems like NFS and Kerberos, a typical service is able to run as non-root already. I'm talking about Apache, MySQL, Subversion, mail with Open-Xchange, and so on. Redirecting privileged ports is also no issue (source).
What is left is the configuration of the service and its payload. One scenario we envisioned is that every service has its own user and home directory, accessible by the corresponding admins. Backup and fallback of the service is easy, as everything needed for the service to run is found in one place.
- Are there established ways to create such a setup?
- Does a mostly unique method exist to make services find their files (other than in system directories) while still using the corresponding Debian packages?
- Are there any catches with our idea that we may have overlooked?
- Would you maybe claim that virtualization is the answer to our problem? (In our POV, it wouldn't help us keep system setup strictly separated from service setup.)
Thank you for any advice!
© Server Fault or respective owner