On 03/27/14 14:37, Erling Westenvik wrote:
That means that encrypted data, which would typically reside in
/var/mysql, /var/www, and /var/transmission, must reside on volumes that
can be unlocked and mounted separately. However, I cannot in advance
predict which "service" will outgrow others first, so I'd like to have
them all on the same volume just like it would have been if I could
simply encrypt one very large /var partition to begin with.

My question: Is it trivial to have mysql, transmission and www store
all of their data on a separate volume and have it mounted to, let's say

/var/
        raid1c/
                www/
                mysql/
                transmission/

while retaining various log and chroot functionality and without
reducing security? Any potential caveats to watch out for?

Yes it is trivial, I have a similar setup:

The system itself is installed with all services disabled.
I remotely run a script that will ssh, mount the encrypted volume and start the services. The configuration and data bits are on the encrypted volume with symlinks at the appropriate places.

The only "issue" I have is the daily mail warning me that some symlinks should be files.

Gilles
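
A pre-start check for the kind of setup described above, as an added example that is not Gilles's script or part of the original thread: it refuses to start the services unless the encrypted volume is mounted and every symlink resolves into it, so a daemon never writes its data to the unencrypted /var underneath. The mount point, link paths, service names and the /etc/rc.d layout are assumptions.

```shell
#!/bin/sh
# Added example. Meant to run on the server right after the remote unlock
# and mount step. All paths and service names are assumptions.
VOL=${VOL:-/var/raid1c}                          # encrypted volume mount point
LINKS=${LINKS:-"/var/www /var/mysql /var/transmission"}
SERVICES=${SERVICES:-"httpd mysqld transmission_daemon"}

# True only when $1 is itself a mount point (df reports it as "Mounted on").
is_mounted() {
    [ "$(df -P "$1" 2>/dev/null | awk 'NR==2 {print $6}')" = "$1" ]
}

# True only when $1 is a symlink whose target directory lies inside $2.
link_inside() {
    [ -L "$1" ] || return 1                      # a real directory is rejected
    real=$(cd -P "$1" 2>/dev/null && pwd -P) || return 1   # dangling link
    base=$(cd -P "$2" 2>/dev/null && pwd -P) || return 1
    case "$real/" in
        "$base"/*) return 0 ;;                   # trailing slash: /vol2 != /vol
    esac
    return 1
}

# Fail closed: any missing precondition stops the start-up.
preflight() {
    is_mounted "$VOL" || {
        echo "refusing: $VOL is not mounted" >&2
        return 1
    }
    for l in $LINKS; do
        link_inside "$l" "$VOL" || {
            echo "refusing: $l does not point into $VOL" >&2
            return 1
        }
    done
}

# Services start only when explicitly asked and only after the checks pass.
if [ "${1:-}" = start ]; then
    preflight || exit 1
    for s in $SERVICES; do
        /etc/rc.d/"$s" start || exit 1
    done
fi
```
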
