Unix Users as Security Boundaries

On a single VPS, I don’t have multiple physical machines, but I can still use:

  • Unix users,
  • file permissions,
  • rootless Podman,

to approximate different trust zones.

I want each major component to live in its own zone:

  • vaulttest / vaultprod → core secrets,
  • proxytest / proxyprod → edge and HTTP termination,
  • appuser → application logic,
  • loguser → logging & metrics.

What Each Zone Can See

For example:

  • vaulttest:
      • owns /home/vaulttest/**,
      • has access to the tls-test server certs,
      • runs the Vault test container.
  • proxytest:
      • owns /home/proxytest/**,
      • sees only the client certs it needs to talk to Vault test.
  • appuser:
      • owns /home/appuser/**,
      • sees app configs, maybe some certs from Vault,
      • does not directly see Vault’s storage or CA material.

This way, a compromise in one user context is painful, but it doesn’t immediately trash the entire VPS.

Aligning with Podman

Each Unix user runs its own rootless Podman containers. That means:

  • no shared daemon,
  • per-user container storage,
  • a cleaner story for “who owns which process and which data”.
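As an added example (my own sketch, not tooling from the post), this is how the per-user zones above can be created on the host: each user gets a 0700 home so no other zone can list it, plus its own disjoint subordinate UID/GID block in /etc/subuid and /etc/subgid, which rootless Podman needs. The base 100000 and block size 65536 are conventional values I assume here; the script expects a Linux host with shadow-utils and GNU stat.

```shell
#!/bin/sh
# Added example: one Unix user per trust zone, with the pieces rootless Podman needs.
# Assumed: shadow-utils (useradd) and GNU coreutils stat; subuid base 100000 and
# block size 65536 are conventional choices, not values from the post.

# subid_line USER INDEX -> the /etc/subuid (and /etc/subgid) entry for USER.
# Every zone gets a disjoint 65536-id block, so containers of two different
# zones can never be mapped onto the same host UIDs.
subid_line() {
    printf '%s:%d:%d\n' "$1" $((100000 + $2 * 65536)) 65536
}

# zone_home_ok DIR -> success only if DIR is mode 0700, i.e. other zones cannot
# even list it. Used as the post-setup check for /home/<zone>.
zone_home_ok() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "700" ]
}

# zone_create USER INDEX: create the user with a locked-down home and its
# subordinate id range. Must run as root; idempotency is left to the caller.
zone_create() {
    useradd --create-home "$1"
    chmod 700 "/home/$1"
    subid_line "$1" "$2" >> /etc/subuid
    subid_line "$1" "$2" >> /etc/subgid
    zone_home_ok "/home/$1" || { echo "home of $1 is not 0700" >&2; return 1; }
}

# Uncomment to apply on the host (as root), one zone per user from the post:
# i=0; for z in vaulttest vaultprod proxytest proxyprod appuser loguser; do
#     zone_create "$z" "$i"; i=$((i + 1))
# done
```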

This mapping is the base on which I’m building the rest of my security model.