Date: Tue, 13 Jul 2010 10:04:01 -0700 From: Ed Flecko <edflecko@gmail.com> To: freebsd-questions@freebsd.org Subject: Clarification: "Jail" -vs- "Chroot" Message-ID: <AANLkTimdPaIJgfhmJ1r6I1M9AoZUzcKLrnqxcnr3XIvK@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi folks,
I'm reading about "jails" and "chroot", and I'm not clear about the
differences so I'm hoping someone can clarify this for me.
Here's what I "think" is correct:
1.) FreeBSD has both "chroot" capability as well as "jail" capability.
2.) Only FreeBSD has true, "jail" functionality? Yes?...No?
3.) When reading something (book, article, etc.), is there a way to
determine if the author is, in fact, talking about truly a "jail" or
are they really just referring to a "chroot" environment? For example,
I have a book ("Preventing web attacks with Apache") that says:
"Chroot is short for change root and essentially allows you to run
programs in a protected or jailed environment. The main benefit of a
chroot jail is that the jail will limit the portion of the file system
the daemon can see to the root directory of the jail. Additionally,
since the jail only needs to support Apache, the programs available in
the jail can be extremely limited."
4.) Jail is the more secure of the two options?
5.) When would you "typically" use a jail -vs- a chroot? The new, 2nd
edition of "Absolute FreeBSD" says:
"Chrooting is useful for web servers that have multiple clients on one
machine=97that is, web servers with many virtual hosts."
Comments??? Suggestions???
Thank you!
Ed
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTimdPaIJgfhmJ1r6I1M9AoZUzcKLrnqxcnr3XIvK>