Date: Sat, 16 Jan 2010 20:40:28 -0700
From: "Peter" <fbsdq@peterk.org>
To: "Kirk Strauser" <kirk@strauser.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: To jail, or not to jail?
Message-ID: <6b6c48a6d28df6c12f2319c0ea85d2ba.squirrel@pop.pknet.net>
In-Reply-To: <4B525827.1090309@strauser.com>
References: <4B525827.1090309@strauser.com>

> I've been having fun playing with jails on my home server. There's one
> for databases, one for a webserver, another for using as a play shell
> server, etc. We use jails heavily at work for encapsulating services,
> and I can make a pretty good argument there for doing so. In general,
> though, do you see jails as particularly important or useful when not in
> a hosting environment where you're giving root access to an untrusted
> party? How far do you go toward segregating services? Theoretically, you
> could have a jail per daemon, but it seems like down that path lies
> madness.
> --
> Kirk Strauser

For home machine, I don't use any jails. All services run on host system.

Not in a "hosting" environment with zero "untrusted" users, I still use 'jail'. I can always build 'newjail', duplicate services on it, test, and very quickly switch from 'oldjail' to 'newjail' when all tests come back clean. Gives me a lot more room to play around/break things without affecting running services.

Try not to have any services on the host system to keep it completely clean, easy upgrade as I can wipe the OS out [or move HD to new server], reinstall, mount the jails/zfs and have a running system in minutes.

]Peter[