Date: Tue, 13 Jul 2010 10:04:01 -0700 From: Ed Flecko <edflecko@gmail.com> To: freebsd-questions@freebsd.org Subject: Clarification: "Jail" -vs- "Chroot" Message-ID: <AANLkTimdPaIJgfhmJ1r6I1M9AoZUzcKLrnqxcnr3XIvK@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi folks, I'm reading about "jails" and "chroot", and I'm not clear about the differences so I'm hoping someone can clarify this for me. Here's what I "think" is correct: 1.) FreeBSD has both "chroot" capability as well as "jail" capability. 2.) Only FreeBSD has true, "jail" functionality? Yes?...No? 3.) When reading something (book, article, etc.), is there a way to determine if the author is, in fact, talking about truly a "jail" or are they really just referring to a "chroot" environment? For example, I have a book ("Preventing web attacks with Apache") that says: "Chroot is short for change root and essentially allows you to run programs in a protected or jailed environment. The main benefit of a chroot jail is that the jail will limit the portion of the file system the daemon can see to the root directory of the jail. Additionally, since the jail only needs to support Apache, the programs available in the jail can be extremely limited." 4.) Jail is the more secure of the two options? 5.) When would you "typically" use a jail -vs- a chroot? The new, 2nd edition of "Absolute FreeBSD" says: "Chrooting is useful for web servers that have multiple clients on one machine=97that is, web servers with many virtual hosts." Comments??? Suggestions??? Thank you! Ed
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTimdPaIJgfhmJ1r6I1M9AoZUzcKLrnqxcnr3XIvK>