From owner-freebsd-hackers  Thu Nov 29 23:16:55 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from hotmail.com (f120.law11.hotmail.com [64.4.17.120])
	by hub.freebsd.org (Postfix) with ESMTP id 5C99537B405
	for <hackers@freebsd.org>; Thu, 29 Nov 2001 23:16:51 -0800 (PST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 29 Nov 2001 23:16:51 -0800
Received: from 24.4.254.79 by lw11fd.law11.hotmail.msn.com with HTTP;
	Fri, 30 Nov 2001 07:16:50 GMT
X-Originating-IP: [24.4.254.79]
From: "Joesh Juphland" <part_lion@hotmail.com>
To: hackers@freebsd.org
Subject: more on jail - suitable for multi user system ?
Date: Fri, 30 Nov 2001 00:16:50 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F120iPXkmCJiLyNfHgI000142c0@hotmail.com>
X-OriginalArrivalTime: 30 Nov 2001 07:16:51.0046 (UTC) FILETIME=[FB2CB860:01C1796E]
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


One thing I would like to do as a hobby is start a classic multi-user unix 
system and giving out shell accounts to whoever wants one.  Not a money 
maker, of course, but it would be fun.

My question: does anyone have any comments on using `jail` in a public 
environment like this - that is, instead of giving away individual shell 
accounts, you would give away individual "jails" - basically a whole 
seperate machine with its own IP and own root access, etc.  ?

I am not asking about the commercial viability - it's just a hobby system.  
But in terms of limiting resources (so no one user bogs down the whole 
system) and in terms of security (nobody can turn rogue and bring down / 
compromise the system) is this a viable option ?

Or is jail best kept to environments where the users are in-house (trusted) 
?

Another way of asking this would be, was jail developed for, and best used 
for, creating a safe area for daemons like httpd, or was it developed with 
running many full-blown independent systems on a single machine in mind ?

_any_ comments appreciated.

--joesh

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message