You are not logged in.
Hi,
I'm using Arch for about 2 years on all my computers at home. Since over one year I have a dedicated server which is running Debian at the moment, but I really don't like Debian.
So I'm thinking about installing Arch on my server. Now I'm asking myself is this a good idea? Because most people say Debian is the best distri for servers because of the stable branch.
I really like the bleeding edge software at Arch and that the packages are mostly the same which can be downloaded from the project pages. But how good is Arch as a web server? Are there any security issues which I should know or any other problems?
Thanks
lotho
EDIT: Changed the subject.
Offline

Security-wise, Arch could play things a bit more seriously, but measures can be taken to prevent certain problems (e.g. forkbombs, by editing /etc/security/limits.conf to limit the maximum number of processes).
As for stability... Well, Current is generally pretty stable, but there aren't really enough package maintainers to test everything, so weird stuff may occasionally happen to packages in Current (and more often Extra).
I'm not sure Arch is ideal for a server... On the other hand, several members here use it for servers and it doesn't seem to give them trouble.
Edit: if you want to secure yourself against certain buffer overflows, you can also use libsafe - that's unmaintained though, and doesn't protect you against everything.
Offline

I decided to use arch as a server as it is quite fast, prizessor optimized and I can install just what I need. Not overhead. As a server, lot of the packages that gave us a headache lately are not needed.
Frumpus ♥ addict
[mu'.krum.pus], [frum.pus]
Offline
I've been running my server with Arch for a year or so.. It works fine. I just dont upgrade the packages on it. I don't really feel like I need to, either, so it's all good. It's fast and nice, too :-)
Offline

I just removed Debian from my dedicated server and installed Arch a few weeks ago. So far I did not run into any problems (except for the installation, which ist not that easy without physical access to the server  ), everything just feels better. Other than in Debian where I got lost quite quickly because it had it's configuration things and all kinds of other stuff everywhere, I feel like I've got full control back on my server since it's running Arch.
), everything just feels better. Other than in Debian where I got lost quite quickly because it had it's configuration things and all kinds of other stuff everywhere, I feel like I've got full control back on my server since it's running Arch.
As for security, I read the manpages of all services I run carefully and informed me in other places when I didn't quite got something to configure everything so that there's (hopefully) not much left for an attacker other than bugs in the services code. And to prevent running buggy software that listens on the external interface I subscribed to some security mailinglists to stay informed about newly discovered security problems.
Offline
The biggest problem with Arch on a server is frequency with which packages change. Where desktop and laptop users want innovation, change, little tweaks to make it faster or more maintainable, a server administrator will (should) usually strive for stability and reliability.
Arch introduces new features every week, but this opens door for bugs and vulnerabilities each week, too. Debian for example, takes affected package x.y-z and ups it to x.y-(z+1), with as logentry: fix security vulerability in...,
while Arch will update the package to x.(y+1)-1, if available at that moment. Sometimes x.(y+1)-1 == x.y-z + security patch, but ocassionally it isn't. 
Most of the time a server admin does not want nor need the features introduced in the new version, so adding them is only seen as an unneccesary risk.
So I think Arch will do just fine, if you or your business do not rely on it. If I owned a webhosting company or had to deploy webservers for some companies, I would never trust Arch to it. I'd rather go with Debian or FreeBSD or Solaris, depending on the customer's hw and preferences.
If it's just to put your blog online, well, Arch could be an option. But I'd still run Arch on the desktop, just to see how smooth the upgrades are.
Offline
I think I will install arch on my server. Made some experiments today to install arch from a rescue system and it works faster and easier than I thought. This howto from the wiki helped me very much http://wiki.archlinux.org/index.php/Ins … her_distro.
I'm not running any important sites on it, only 3 websites, a mail server and a jabber server. All this stuff is only mine, there are no customers or any really important stuff.
Also I want to make some vservers on it to have more security (I got two extra ips for free  ).
 ).
Thanks for all your answers
lotho
Offline
LB06 --> I'm sharing your concerns about security in Arch because i work as a professional sysadmin but IMHO what you say is not entirely true:
1. IMHO Arch is much simpler than Debian, *BSD, Solaris. People say *BSD is the embodiment of the KISS principle. Well, i beg to differ, FreeBSD is too much bloated for me and also sometimes a pain to upgrade. Recompiling kernel and all userland from source in order to upgrade is not the best solution IMHO, especially when you dealing with many REMOTE servers.
Look at *BSD mailing lists and forums to see how many people got problems with upgrading FreeBSD.
2. Server don't need X, don't need any unecessary software. Arch is perfect here because it gives you REALLY full control on what you install, without the bloat. Even *BSD's come too bloated for me, because in their "base" install they got too many services i dont need. Who needs inetd or talk these days? I usually dont like sendmail too. With Arch i don't even have to install OpenSSH if the machine is controlled only from a server room. That minimizes security problems.
3. Some say Arch is not too stable in current for servers. Well, in a production environment you should ALWAYS have some sort of simulation environment to test new upgrades BEFORE applying them to your server. IMHO simulating upgrades is also good for desktops. FreeBSD can also break after make world. In Arch you can just upgrade the most important packages like kernel and the services you are running. Most packages that cause broken system in Arch are just for desktops, not server packages.
4. There are much more sysadmin jobs for Linux than for *BSD these days. Plus when you are good with Arch you can basically do any kind of sysadmin job in any other Linux distro, because it teach you the UNIX way. (no GUI's, shell oriented). And that means a lot of opportunities for you, you can be Debian admin, RedHat, Suse - knowing Arch you will most definetly make it out there in those bloated systems, after that even more you will praise Arch for its simplicity and beauty. On the other hand *BSD's are different than Linux so when your boss will want to install these new Red Hat Enterprise servers you can lost your job.
My conclusion is that, Arch can be as much stable and secure as all other Linux distros or FreeBSD, but it's much simpler than all of them. 
The choice is yours tho 
Favorite systems: ArchLinux, OpenBSD
"Yes, I love UNIX"
Offline
LB06 --> I'm sharing your concerns about security in Arch because i work as a professional sysadmin but IMHO what you say is not entirely true:
1. IMHO Arch is much simpler than Debian, *BSD, Solaris. People say *BSD is the embodiment of the KISS principle. Well, i beg to differ, FreeBSD is too much bloated for me and also sometimes a pain to upgrade. Recompiling kernel and all userland from source in order to upgrade is not the best solution IMHO, especially when you dealing with many REMOTE servers.
Look at *BSD mailing lists and forums to see how many people got problems with upgrading FreeBSD.
While I agree with you here, that's not what I said. I didn't actually talk about simplicity at all.
2. Server don't need X, don't need any unecessary software. Arch is perfect here because it gives you REALLY full control on what you install, without the bloat. Even *BSD's come too bloated for me, because in their "base" install they got too many services i dont need. Who needs inetd or talk these days? I usually dont like sendmail too. With Arch i don't even have to install OpenSSH if the machine is controlled only from a server room. That minimizes security problems.
Again: I've never said that BSD isn't bloated. But by altering make.conf you can simply decide what you do want and what you do not want in your base install. But I agree: by default it tends to be a bit bloated.
3. Some say Arch is not too stable in current for servers. Well, in a production environment you should ALWAYS have some sort of simulation environment to test new upgrades BEFORE applying them to your server. IMHO simulating upgrades is also good for desktops. FreeBSD can also break after make world. In Arch you can just upgrade the most important packages like kernel and the services you are running. Most packages that cause broken system in Arch are just for desktops, not server packages.
4. There are much more sysadmin jobs for Linux than for *BSD these days. Plus when you are good with Arch you can basically do any kind of sysadmin job in any other Linux distro, because it teach you the UNIX way. (no GUI's, shell oriented). And that means a lot of opportunities for you, you can be Debian admin, RedHat, Suse - knowing Arch you will most definetly make it out there in those bloated systems, after that even more you will praise Arch for its simplicity and beauty. On the other hand *BSD's are different than Linux so when your boss will want to install these new Red Hat Enterprise servers you can lost your job.
My conclusion is that, Arch can be as much stable and secure as all other Linux distros or FreeBSD, but it's much simpler than all of them.
The choice is yours tho
Your points are all valid, imho, but they are not really related to my points. I was talking about providing a stable environment, and you are talking about things like bloat, simplicity and job opportunities.
Offline

Er, doesn't BSD have binary packages of base components? And a simple package management tool for downloading and installing packages from specified servers? Nothing like pacman perhaps, but unless I'm completely wrong updating a BSD system doesn't have to be as bad as updating, say, a Gentoo system.
Offline
I was talking about providing a stable environment
And my conclusion was that Arch as a server can be as secure and stable as any other Linux distro or even FreeBSD plus if you are intelligent and simulate first all upgrades on a test machine it gives you much less pain in maintaining, because it is an incredible simple distro.
As for Security Advisories well, FreeBSD is basically on point only when it comes to their base system, they arent really striving to provide very fast security advisories to all those other appz in ports.
I usually watch Gentoo Linux SA's which IMHO are the best SA's for Linux, even better than Debian DSA, they usually report faster various CVE entries.
Plus they report which version of the package fixed those security vulnerabilities (Debian team patches their old "stable" packages instead - i dont like it if you ask me).
Gullible Jones, you are not entirely right. FreeBSD does provide binary packges for appz in ports, but still you need to recompile all base system in order to upgrade. There is a way to do a full binary upgrade of OpenBSD but still you need to upgrade ALL the packages to the new version of base.
Favorite systems: ArchLinux, OpenBSD
"Yes, I love UNIX"
Offline
Well, actually you can perform binary updates to the base system with freebsd-update (for which you can build binary patches on a testing machine, if you do not trust the author of freebsd-update to do it for you).
Offline
never tested it, but from what i understand it only applies to SECURITY UPDATES and only to the base system (not to ports). You still can't do a full binary upgrade of the whole system with that like pacman -Syu.
For me one of the most important things in using various OS'es is how the upgrade process is implemented. *BSD's are not the best out there when it comes to ease of upgrading IMHO. 
Debian or Arch are perfect here, both using "rolling release" cycle.
Favorite systems: ArchLinux, OpenBSD
"Yes, I love UNIX"
Offline
never tested it, but from what i understand it only applies to SECURITY UPDATES and only to the base system (not to ports). You still can't do a full binary upgrade of the whole system with that like pacman -Syu.
For me one of the most important things in using various OS'es is how the upgrade process is implemented. *BSD's are not the best out there when it comes to ease of upgrading IMHO.
Debian or Arch are perfect here, both using "rolling release" cycle.
portupgrade -ar for source based upgrading
portupgrade -arP for binary based upgrading, where available
portupgrade -arPP for binary based upgrading only
Offline