From owner-freebsd-questions Mon Apr 16 14:29:11 2001 Delivered-To: freebsd-questions@freebsd.org Received: from nisser.com (c0039.upc-c.chello.nl [212.187.0.39]) by hub.freebsd.org (Postfix) with ESMTP id E9CC737B424 for ; Mon, 16 Apr 2001 14:29:07 -0700 (PDT) (envelope-from roelof@nisser.com) Received: from nisser.com (roelof [10.0.0.2]) by nisser.com (8.9.3/8.9.2) with ESMTP id XAA25702; Mon, 16 Apr 2001 23:28:56 +0200 (CEST) (envelope-from roelof@nisser.com) Message-ID: <3ADB6418.D9B96B6F@nisser.com> Date: Mon, 16 Apr 2001 23:28:56 +0200 From: Roelof Osinga Organization: Nisser - Nr. 1 in Veiligheid X-Mailer: Mozilla 4.72 [en] (Windows NT 5.0; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: Odhiambo Washington Cc: FBSD-Q Subject: Re: Starting JAIL References: <20010416134036.A2022@everest.wananchi.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Odhiambo Washington wrote: > > I am only writing to seek views from those already running JAIL > Well, I just need some advise with JAIL as far as starting up the JAIL > is concerned.I did my fisrt jail yesterday but was wondering how to > start the jails everytime I reboot the host server. Do you have a nice way > to do it? Some script to automate this? I hate to think I haveto start the > JAIl by hand everytime. > Secondly, how do you ensure the safety of your jail? I mean it is possible > that when i am logged in as root in the host server I can still messup > files in the jail, right? the JAIL being a guest system, is there a > way to ensure noone can delete/modify those files accidentally? Put them into a script and put that script into /usr/local/etc/rc.d. Depending on your release you might need to check the first param for a "start" or "stop" content. You don't. Jail it might be, but it's still chroot() based (granted, I'll be whipped horribly if tell it wrong... but, hey! You only live once ;) and chroot's can be broken out of. Especially when you hand them a shell. HTH, Roelof -- Home is where the (@) http://eboa.com/ is. Nisser home -- http://www.Nisser.nl/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message