A separate user for each task?

security best-practices

Solution 1:

Best practices for services like teamspeak are to run them as a seperate user, preferably in a jail - a guide to setting up jails can be found at https://help.ubuntu.com/community/BasicChroot

This is done to limit the damage an exploit in the software can cause - it will hopefully be limited to messing up teamspeak's files, but not the rest of the server.

Php and the webserver can often share a user since they need access to the same files.

No network service should run as root if it can be avoided because an exploit in that service could let an attacker get the same permissions as the user running it. Some software needs root permissions to start but can be configured to drop those permissions after it has started.

Related

Discrepancy between size of database listed in Unix and Mysql
How to ban IPs trying to login as root with ssh
postfix check warm me that some file differ
Zipping folder with absolute path without keeping tree of folders
Should one use "From", "Reply-To" or both headers to reflect their client's email address when sending an email to yourself from a "Contact Us" page?
HylaFax - Get status of a job
Security in shared hosting vs VPS 'virtual appliances'
Impact of MTU on IP packet fragmentation and reassembly
Save changes to iptables
tar gzip slowing down server
How can I force all internet traffic over a PPTP VPN but still allow local lan access?
Slapd service won't start, unable to open pid file