Just curious, I run two Arch installs on my machine: a desktop version and a server version. When I'm in my server I have no GUI, when I'm in my desktop the server runs in a systemd-nspawn instance. My theory behind this is first security, and second freeing up resources when I'm away from home so my server works better.
I wanted to know if it's possible to share installed packages between the two installs. Would it work to put /usr on a separate partition (I know I'd need to modify the initramfs) so my two OSes could share that? Or is there a better way?
Also, on a side note, my ultimate goal is to somehow give the system overall (root maybe) only privileges to modify its partition, so if someone did hack the server they could only modify it and not touch the Desktop OS.
Last edited by steelcowboy (2015-01-03 17:00:24)
What is a package anyway?
1) The files
In this case, you would end up sharing your root partition between the two installations. I guess that if one system uses the root partition just with read-only privileges, and the other system uses it with full privileges, your setup would probably work. However, I'm not sure if it is easy to share the root partition to a systemd-nspawn instance, you probably know that. The question is: would the read-only system be useful?
2) The tarballs
You could just share the pacman cache (usually /var/cache/pacman/pkg, get it with 'pacman --verbose') between the machines. In this case, you would have to manually install the packages you want in each of them individually, but at least you wouldn't download them twice. Something like pacserve is another possibility. I believe this solution is better in terms of security.
Would any of this help you? They are not ultimate solutions based on what you seem to want, but I believe they could be a beginning.
You can share the same package cache for both. Different architectures download different files (but can still use the same, just not with the efficiency of using the same packages). I can even use them on a PXE client.
I may have to CONSOLE you about your usage of ridiculously easy graphical interfaces...
Look ma, no mouse.
This sounds like a recipe for disaster. I also can't make sense of what benefit this would serve. If someone has root-user access on the server, they can mount any other partition they want and do whatever they want to it.
I'd suggest using a single install, you could have a separate user for logging in to the server with profile/rc files more suited to working in the terminal.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Oh yeah, I guess I used the wrong word -- I meant more the installed applications and not just the packages. The only problem with the same OS is I have some desktop only services (lxdm), some server only services (Apache) and I don't want all my desktop stuff running if I boot into server only mode. The only thing I want to share is the installed programs themselves -- all the pertinent files (e.g. httpd.conf) would live with the OS on its partition.
I guess everything I want to start up for my server I could run them in user mode, same for desktop. I'd get a really quick boot, run lxdm and I could just login as my server user and it would just drop me back to a tty maybe?
Sharing the root partition isn't a bad idea, basically I'm trying to avoid installing the same package twice without running unnecessary services when in server mode. I guess ultimately I could just run my desktop on top of my server (i.e. all server stuff starts at boot) then just run desktop programs as needed.
But for my server OS couldn't I disable the root account and disallow anyone from using any mount commands? If I need to make changes that need root I could use my desktop install to mount and make the necessary changes? That way if someone gets in they can't touch anything else.
There is no need for a separate OS just to have a separate set of services running:
man systemd.target
You can have different boot options: one to boot to graphical.target and another to something like server.target.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
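Added example (not part of the thread): a sketch of the two-target setup suggested above, staged into a scratch directory so it can be inspected before anything is copied to /etc. The name server.target comes from the post; the unit contents, the function names, and the httpd.service path (where Arch's apache package is assumed to install it) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: stage a headless "server.target" under a root directory.
# Nothing on the live system is touched unless ROOT is "/" (not recommended
# before reviewing the staged files).

make_server_target() {
    root="$1"
    unitdir="$root/etc/systemd/system"
    mkdir -p "$unitdir/server.target.wants" || return 1

    # The target builds on multi-user.target, so no display manager is
    # pulled in: lxdm is only wanted by graphical.target.
    cat > "$unitdir/server.target" <<'EOF'
[Unit]
Description=Headless server mode (example unit)
Requires=multi-user.target
After=multi-user.target
AllowIsolate=yes
EOF

    # Start Apache only in server mode: hook it to server.target instead of
    # enabling it globally. The unit path below is an assumption.
    ln -sf /usr/lib/systemd/system/httpd.service \
        "$unitdir/server.target.wants/httpd.service"
}

# Kernel command line parameter for the second boot loader entry.
# systemd.unit= overrides the default target for that boot only.
server_boot_param() {
    printf 'systemd.unit=%s\n' server.target
}

# Usage: ./stage-server-target.sh /tmp/staging
if [ -n "${1:-}" ]; then
    make_server_target "$1"
    echo "Add to the server boot entry: $(server_boot_param)"
fi
```

Because the unit sets AllowIsolate=yes, a running desktop session can also be switched over with `systemctl isolate server.target` instead of rebooting.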