On 6 Nov 2013, at 23:21, John M Andersen wrote:
On 11/6/2013 7:06 PM, Ted Byers wrote:
I was talking with a UNIX admin today about security, and he recommended a strategy involving what are termed jails on FreeBSD. He did say he has limited experience on Suse and Ubuntu.
Holy cow Ted, do we have to cover a whole semester course in one email?
Jails (called chroot jails in Linux) are usually for processes, services and such, not for users. The FTP server might put every session in a chroot jail so that they can't get at anything else in the machine. Mail servers typically run in a jail. Users don't run in jails usually. Mostly just services.
Services that are supposed to be run in a jail are usually set up that way when you install them by YaST.
Virtual machines are a whole different item.
Actually, this is not true in the FreeBSD world. FreeBSD has a mature framework for implementing full system environments in jails, where all the jails and the parent host share one kernel image but each jail has its own full complement of standard services and its own IP address (in recent versions, even multiple IPs.) This makes it possible to give users their own VPS's with whatever software they need without allowing them access to the parent host or other jails but with less overhead than full virtual machines. The closest analog for Linux is OpenVZ.