From: "Dave"
To: freebsd-questions@freebsd.org
Date: Wed, 15 Dec 2010 23:32:20 -0000
Message-ID: <4D095004.5513.2EF1E210@dave.g8kbv.demon.co.uk>
Subject: Noob Jail question.

Hi.

As some of you may remember, I've managed to build a F'BSD V8.0 based system that provides me with:-

Local GPS disciplined NTP server (working very well) the reason I built the thing in the first place, but it seems FreeBSD can do so much more, so I also have.....

Hiawatha webserver (also working well)

FTPD for updating the web pages Hiawatha serves up (working well) Other systems here generate data, that is FTP'd over the LAN to the web page folders.

SSH remote login for admin needs (But not for "root" login) Also working well.

All this will start happily, boot and sort itself out as a "headless" machine, and if needed collapse gracefully and shutdown cleanly, with one press of the power button. I am impressed!

I've been reading the FreeBSD Manual (a dangerous thing to do during lunchtimes!) relating to Jails. Other than making my head spin, I'm finding it a tad difficult finding out just what you can/can't do with a Jail. Mainly, because I'm not familiar with a lot of the terms used, and though the man pages are no doubt correct as a reference, they don't "explain" it well, in as much as how to use it, well in my addled mind at the moment.

I think I'd like to run Hiawatha in a Jail, as it seems "the right thing to do" with something that will be exposed to the www. (Comments/advice?)

But, how do I arrange it to safely get (read only) access to the website data, without preventing the FTPD service from having access to update that data. FTPD will only be reachable from LAN side of the main gateway router, Hiawatha will have an outside world port forwarded to it by the router.

What I'm asking I guess, is..

Can a jail'd app, reach outside the jail in "read only" mode. (I suspect, maybe?)

Or can an app outside the jail, drop stuff off inside the jail? (For whatever reason, I suspect not?)

If anyone understands what the heck I'm blathering on about, please explain it to me, as I think I've lost the plot.

Comments, advice, brickbats etc?

Best Regards.

Dave B.