On Tue, 3 Apr 2012 18:10:12 -0400 Kaiting Chen wrote: > Yeah run each service as an unprivileged user and you should be fine. If > security is very critical than run something like SELinux or a similar RBAC > system. If you don't mind compiling a kernel, grsecurity and it's accompanying rbac or using rsbac instead are even better than SELinux. rsbac will cost you the most time. Grsecurity's rbac has a learning mode but won't let you selectively apply as the author sees that as a false sense of security. OpenBSD is my favourite option for servers but not for nfsv4. Do you need file locking or can you use something like sftp (ssh file transfer)?
