Noob Jail question.

[Boris Samorodov]

"Dave" <dave at g8kbv.demon.co.uk> writes:

> I've been reading the FreeBSD Manual (a dangerous thing to do during 
> lunchtimes!) relating to Jails.  Other than making my head spin, I'm 
> finding it a tad dificult finding out just what you can/cant do with a 
> Jail.  Mainly, because I'm not familiar with a lot of the terms used, and 
> though the man pages are no doubt correct as a reference, they don't 
> "explain" it well, in as much as how to use it, well in my addled mind at 
> the moment.
>
> I think I'd like to run Hiawatha in a Jail, as it seems "the right thing 
> to do" with something that will be exposed to the www.  
> (Comments/advice?)
>
> But, how do I arrange it to safely get (read only) access to the website 
> data, without preventing the FTPD service from having access to update 
> that data.  FTPD will only be reachable from LAN side of the main gateway 
> router, Hiawatha will have an outside world port forwarded to it by the 
> router.
>
> What I'm asking I guess, is..  Can a jail'd app, reach outside the jail 
> in "read only" mode.   (I suspect, maybe?)   Or can an app outside the 
> jail, drop stuff off inside the jail?  (For whatever reason, I suspect 
> not?)
>
> If anyone understands what the heck I'm blathering on about, please 
> explain it to me, as I think I've lost the plot.
>
> Comments, advice, brickbats etc?

You may try to use sysutils/ezjail to install/manage/etc jails.
Using ezjail-admin is quite easy. Ezjails are realy light (they
use readonly mount_nullfs to a basejail rather then real filesystems).
Then you may consider using one jail for FTPD with write access and
an other jail for HTTPD server with read-only access (say, readonly
mount_nullfs) to those written by FTPD files/filesystems.

-- 
WBR, bsam