Noob Jail question.
Boris Samorodov
bsam at ipt.ru
Thu Dec 16 13:39:17 UTC 2010
"Dave" <dave at g8kbv.demon.co.uk> writes:
> I've been reading the FreeBSD Manual (a dangerous thing to do during
> lunchtimes!) relating to Jails. Other than making my head spin, I'm
> finding it a tad difficult finding out just what you can/can't do with a
> Jail. Mainly, because I'm not familiar with a lot of the terms used, and
> though the man pages are no doubt correct as a reference, they don't
> "explain" it well, in as much as how to use it, well in my addled mind at
> the moment.
>
> I think I'd like to run Hiawatha in a Jail, as it seems "the right thing
> to do" with something that will be exposed to the www.
> (Comments/advice?)
>
> But, how do I arrange it to safely get (read only) access to the website
> data, without preventing the FTPD service from having access to update
> that data. FTPD will only be reachable from LAN side of the main gateway
> router, Hiawatha will have an outside world port forwarded to it by the
> router.
>
> What I'm asking I guess, is.. Can a jail'd app, reach outside the jail
> in "read only" mode. (I suspect, maybe?) Or can an app outside the
> jail, drop stuff off inside the jail? (For whatever reason, I suspect
> not?)
>
> If anyone understands what the heck I'm blathering on about, please
> explain it to me, as I think I've lost the plot.
>
> Comments, advice, brickbats etc?
You may try to use sysutils/ezjail to install/manage/etc jails.
Using ezjail-admin is quite easy. Ezjails are really light (they
use readonly mount_nullfs to a basejail rather than real filesystems).
Then you may consider using one jail for FTPD with write access and
another jail for HTTPD server with read-only access (say, readonly
mount_nullfs) to the files/filesystems written by FTPD.
--
WBR, bsam
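
Added example, not part of the original message: the two-jail layout suggested above, written as nullfs fstab lines in the comments, plus a check that the web jail's view of the shared data is actually mounted read-only. The jail names (ftpd, httpd), the /data/www path and the /usr/jails root are assumptions, and the mount listing is a constructed sample.

```shell
#!/bin/sh
# Assumed layout: one data directory, nullfs-mounted into two jails.
# With ezjail these lines would go in each jail's fstab file
# (e.g. /etc/fstab.ftpd and /etc/fstab.httpd):
#   /data/www  /usr/jails/ftpd/data/www   nullfs  rw  0 0
#   /data/www  /usr/jails/httpd/data/www  nullfs  ro  0 0

# Constructed sample in the format FreeBSD's mount(8) prints.
SAMPLE_MOUNTS='/usr/jails/basejail on /usr/jails/httpd/basejail (nullfs, local, read-only)
/data/www on /usr/jails/ftpd/data/www (nullfs, local)
/data/www on /usr/jails/httpd/data/www (nullfs, local, read-only)'

# mount_mode MOUNTS MOUNTPOINT -> prints "ro", "rw" or "missing".
# If several mounts are stacked on one mountpoint, the last one listed wins.
mount_mode() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        {
            # Each line is "<source> on <mountpoint> (<options>)".
            i = index($0, " on "); j = index($0, " (")
            if (i == 0 || j == 0) next
            point = substr($0, i + 4, j - i - 4)
            opts  = substr($0, j + 2)
            if (point != mp) next
            found = 1
            mode = (opts ~ /(^|, )read-only(,|\))/) ? "ro" : "rw"
        }
        END { print (found ? mode : "missing") }'
}

# audit_web_mount MOUNTS MOUNTPOINT -> exit status 0 only when the
# mountpoint exists and is read-only; a missing mount also fails.
audit_web_mount() {
    [ "$(mount_mode "$1" "$2")" = "ro" ]
}

# Report the mode of both views of the shared data in the sample.
for mp in /usr/jails/ftpd/data/www /usr/jails/httpd/data/www; do
    echo "$mp: $(mount_mode "$SAMPLE_MOUNTS" "$mp")"
done
```

On a real host, pass the output of `mount -t nullfs` in place of the sample.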