From owner-freebsd-questions@FreeBSD.ORG Wed Sep 26 07:29:55 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4D6D216A417 for ; Wed, 26 Sep 2007 07:29:55 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from mesiob.obspm.fr (mesiob.obspm.fr [145.238.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id 01FE413C447 for ; Wed, 26 Sep 2007 07:29:54 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from localhost (pcjas.obspm.fr [145.238.2.126]) by mesiob.obspm.fr (8.13.4/8.13.4/SIO Observatoire de Paris) with ESMTP id l8Q7TpeS030197; Wed, 26 Sep 2007 09:29:53 +0200 Date: Wed, 26 Sep 2007 09:29:51 +0200 From: Albert Shih To: Aminuddin Message-ID: <20070926072951.GA64459@pcjas.obspm.fr> References: <20070925230101.CC5F816A54D@hub.freebsd.org> <46f9ac0f.27f8720a.1eea.2115@mx.google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <46f9ac0f.27f8720a.1eea.2115@mx.google.com> User-Agent: Mutt/1.5.16 (2007-06-09) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (mesiob.obspm.fr [145.238.2.2]); Wed, 26 Sep 2007 09:29:53 +0200 (CEST) X-Virus-Scanned: ClamAV version 0.91.2, clamav-milter version 0.91.2 on mesiob.obspm.fr X-Virus-Status: Clean Cc: freebsd-questions@freebsd.org Subject: Re: Sharing application jail and host? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Albert.Shih@obspm.fr List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Sep 2007 07:29:55 -0000 Le 26/09/2007 à 08:47:05+0800, Aminuddin a écrit > Hi freebsd gurus, > I'm playing with jail setup and wanted to provide a virtual server to my > external remote users to login by ssh and run a couple of applications. > > Do I need to install the application using the ports in the jail itself or > can I just install the application in the host environment? Is there any > methods to enable sharing of the application across the jail and host? > Yes it's possible, but if you just begin use jail and if you don't have disk space problem it's better simple to install all applications in each jail. But if don't want to do this this is what you can do : Make on reference jail (don't let user have access) only for reference for example you can install this in /jail/REF After that you create a new jail in /jail/new-jail with in root dir total 15 drwxr-xr-x 18 root wheel 512 Jan 15 2007 REF lrwxr-xr-x 1 root wheel 7 Dec 19 2006 bin -> REF/bin lrwxr-xr-x 1 root wheel 8 Dec 19 2006 boot -> REF/boot dr-xr-xr-x 4 root wheel 512 Mar 12 2007 dev drwxr-xr-x 18 root wheel 2048 Feb 1 2007 etc drwxr-xr-x 19 root wheel 1024 Dec 19 2006 etc-local lrwxr-xr-x 1 root wheel 7 Dec 19 2006 lib -> REF/lib lrwxr-xr-x 1 root wheel 11 Dec 19 2006 libexec -> REF/libexec dr-xr-xr-x 1 root wheel 0 Sep 26 09:24 proc drwxr-xr-x 4 root wheel 512 Jul 5 21:56 root lrwxr-xr-x 1 root wheel 8 Dec 19 2006 sbin -> REF/sbin drwxr-xr-x 3 root wheel 512 Dec 18 2006 share drwxrwxrwt 6 root wheel 512 Sep 26 03:01 tmp lrwxr-xr-x 1 root wheel 7 Dec 19 2006 usr -> REF/usr drwxr-xr-x 22 root wheel 512 Mar 12 2007 var the /jail/new-jail/usr/local/etc is a link to /etc-local After that you mount in nullfs the /jail/REF in /jail/new-jail/REF by using /jail/REF /jail/new-jail/REF nullfs rw 0 0 in your fstab. When you finish you can install the application only in your REF jail and automaticaly is install in all your jail. The «danger» with this method is when you in the new-jail-21 (for example) after some time you forget you using nullfs and .... you erase something useless for new-jail-21 but absolutly need by new-jail-19....Because in a jail you cannot see it's using nullfs. Regards. -- Albert SHIH Observatoire de Paris Meudon SIO batiment 15 Téléphone : 01 45 07 76 26 Heure local/Local time: Mer 26 sep 2007 09:20:27 CEST