Clarification: "Jail" -vs- "Chroot"
edflecko at gmail.com
Tue Jul 13 17:04:02 UTC 2010
I'm reading about "jails" and "chroot", and I'm not clear about the
differences so I'm hoping someone can clarify this for me.

Here's what I "think" is correct:

1.) FreeBSD has both "chroot" capability as well as "jail" capability.

2.) Only FreeBSD has true, "jail" functionality? Yes?...No?

3.) When reading something (book, article, etc.), is there a way to
determine if the author is, in fact, talking about truly a "jail" or
are they really just referring to a "chroot" environment? For example,
I have a book ("Preventing web attacks with Apache") that says:

"Chroot is short for change root and essentially allows you to run
programs in a protected or jailed environment. The main benefit of a
chroot jail is that the jail will limit the portion of the file system
the daemon can see to the root directory of the jail. Additionally,
since the jail only needs to support Apache, the programs available in
the jail can be extremely limited."

4.) Jail is the more secure of the two options?

5.) When would you "typically" use a jail -vs- a chroot? The new, 2nd
edition of "Absolute FreeBSD" says:

"Chrooting is useful for web servers that have multiple clients on one
machine—that is, web servers with many virtual hosts."