If you rent a linux-based server from a hosting company now, there's a fair chance it will come with a 'friendly' web-based interface. For a few years, I've been using a Cobalt RaQ3, which was lovely. I'm now moving onto a machine which uses Ensim's WEBppliance software and which isn't nearly so nice, though you could argue that it has more features.

It's moderately easy to find your way through the web interface, but it's less obvious what's going on under the skin, particularly if you're used to a normal RedHat machine. Here, then, are some quick notes of things I've found out so far, which may help others in the same situation. Please let me know of anything you find unclear or inaccurate.

• When you create a new domain (or site) on the server, a new directory is set up which contains the filesystem for that site. It's at /home/virtual/siten/fst, but there's a more convenient symbolic link to it at /home/virtual/domain. This isn't just a 'home filespace', though. Within the directory there is a cut-down root filesystem including /home, /etc, /var directories etc, and this forms the root directory for anybody logging in within that domain. (Many of the files are actually hard links to things within /home/virtual/FILESYSTEMTEMPLATE.) Typically, only the 'root' user is able to see anything outside these virtual directories. Users that you create with the GUI will, if they SSH into the server, be operating within this very restricted environment. One thing I did fairly early was to create a conventional user, outside the GUI, so that I could explore the whole file system without having to be root.

• The admin user for the new site is a normal unix user and has an entry in /etc/passwd as 'adminn', where this is the nth domain you've created. "Hang on!", you say, "I called my admin user 'bigbob'!" Well, this is the clever (or perhaps frustrating) thing:

  There is an entry for bigbob, but it's in the /etc/passwd which is in the virtual filesystem for the domain. Any users living in that filespace will see files created by bigbob. But in the real top-level /etc/passwd, there will be an entry, for example, for 'admin3' which will use the same uid as bigbob. This means that if you log in as root and browse through the files, any that were created by 'bigbob' will be listed as belonging to 'admin3'. Why do they do this? Well, that brings us to the next point:

• Ensim 'users' are not like normal linux users. The usual problem when hosting multiple domains on one Linux machine is that usernames in /etc/passwd must be unique. If I set up mycompany.com and you want to put yourcompany.com on the same server, we normally can't both have a user called 'john'. By splitting users into separate /etc/passwd's you can get around this limitation, meaning that every site can call the admin user 'admin' if they want to. It's only in the real /etc/passwd that they get called admin1, admin2 etc. This is quite convenient.

  If you create another user within a domain, they get allocated a uid (typically from 22000 upwards) but they do not appear in the main /etc/passwd at all, only in the one that's specific to their domain. (Log in as root and look at their files, and you'll just see the owner listed as '22001', for example.) This means that the machine as a whole does not recognise their usernames. If you've created a user called 'nancy' within yourcompany.com, you cannot connect to the machine using SSH or FTP as 'nancy', as you would on a standard Linux machine. You must specify a username that includes your domain - 'nancy@yourcompany.com'. Many FTP and SSH clients don't accept the @, or use it to mean something else, so a more useful alternative is 'nancy#yourcompany.com'. If you're used to connecting to a server using 'ssh username@machine', you'll now want to use 'ssh username#domain@machine' (where 'domain' and 'machine' can often be the same thing). (There are special PAM authentication modules installed which allow access using these 'virtual' usernames by consulting the information under /etc/virtualhosting).

  Suppose you've logged in as nancy#yourcompany.com, and you're now living in the virtual filespace belonging to yourcompany.com. You want to create a directory to be shared by other users in the same domain, or perhaps to be used by some software. You don't have write access to most of this filespace, so where should you put it? I think the best spot is within /home - you can create a directory called, for example /home/yourcompany and, optionally, make it writeable by everybody in your group. (From the machine's point of view, it will actually be '/home/virtual/yourcompany.com/home/yourcompany', but you won't be able to see that). In addition, if you create a public_html directory within that, you can access it via the web as http://yourcompany.com/~yourcompany/.

That's all for now - hope that helps you get started! There is some good documentation out there, including on the Ensim site, but it's hard to separate the wheat from the chaff. It doesn't help that the online help system that's installed with the package uses some clever Javascript and so doesn't work on most of my browsers...

Quentin Stafford-Fraser
19 June 2003