From: Ed Flecko
To: freebsd-questions@freebsd.org
Date: Tue, 13 Jul 2010 10:04:01 -0700
Subject: Clarification: "Jail" -vs- "Chroot"

Hi folks,

I'm reading about "jails" and "chroot", and I'm not clear about the differences so I'm hoping someone can clarify this for me.

Here's what I "think" is correct:

1.) FreeBSD has both "chroot" capability as well as "jail" capability.

2.) Only FreeBSD has true, "jail" functionality? Yes?...No?

3.) When reading something (book, article, etc.), is there a way to determine if the author is, in fact, talking about truly a "jail" or are they really just referring to a "chroot" environment?

For example, I have a book ("Preventing web attacks with Apache") that says:

"Chroot is short for change root and essentially allows you to run programs in a protected or jailed environment. The main benefit of a chroot jail is that the jail will limit the portion of the file system the daemon can see to the root directory of the jail. Additionally, since the jail only needs to support Apache, the programs available in the jail can be extremely limited."

4.) Jail is the more secure of the two options?

5.) When would you "typically" use a jail -vs- a chroot?

The new, 2nd edition of "Absolute FreeBSD" says:

"Chrooting is useful for web servers that have multiple clients on one machine—that is, web servers with many virtual hosts."

Comments??? Suggestions???

Thank you!

Ed