Hi,
I’m new Ipfire user, thanks for the works.
I want to use my Ipfire as a “hypervisor” and put my web service on VMs on the orange network.
I want to create an user and manage VM with libvirt/virsh command.
Is it more secure to run and manage as user or can i manage and run my VMs as root without risk ?
Thanks for you answer.
A human mistake almost never comes from lacking of rational thoughts but from wrong premises. Your intention is a perfect example of it. You are correctly worrying about an important issue, avoiding whenever possible root privileges to running processes, but you are starting from a wrong premise: underestimating the importance of your firewall in protecting your network. If you have a safe in your house, would you use it also to keep your beverages cool? No, you would have a very good lock on it, keep it in a good location and never talk about it to anyone.
Security requires first and above all minimizing the surface of attack. A nice web server, accessible from the red interface, running on you router/firewall is doing the opposite of that.
Have a second machine, with lot of memory running KVM/Libvirt and plug that machine in orange. Run on that machine a good server OS, Fedora, Debian etc. and follow good practices like the one you were describing in your post. This is my way of framing the issue. I am wrong all the time, but I am not wrong on following this principle.
Thanks for you answer.
Yes you’re right, i focus to reduce my power comsumption but i underestimating the importance of the firewall. I have a old pc with a good hardware to run Ipfire. I have some knowledge in linux system but not a network expert, thank’s again for your advise