From: Ruben de Groot
To: Kirk Strauser
Cc: freebsd-questions@freebsd.org
Date: Sun, 17 Jan 2010 14:05:47 +0100
Subject: Re: To jail, or not to jail?
Message-ID: <20100117130547.GA60117@ei.bzerk.org>
In-Reply-To: <4B525827.1090309@strauser.com>

On Sat, Jan 16, 2010 at 06:21:59PM -0600, Kirk Strauser typed:
> I've been having fun playing with jails on my home server. There's one
> for databases, one for a webserver, another for using as a play shell
> server, etc. We use jails heavily at work for encapsulating services,
> and I can make a pretty good argument there for doing so. In general,
> though, do you see jails as particularly important or useful when not in
> a hosting environment where you're giving root access to an untrusted
> party? How far do you go toward segregating services? Theoretically, you
> could have a jail per daemon, but it seems like down that path lies madness.

Not long ago, I set up some development servers with ezjail where different
developers can each rapidly create standard jailed environments and do
their dev and test work there, and discard them when they're finished.
Next to hosting, I believe this is another environment where jailing is a
great advantage.

Ruben