Hi,

Sure, jails require more work regarding administration. Ports are not the biggest problem I think, it's the easy part. The problem is when you have to update the world. But even here, with a good script, it's not such a nightmare.

Maybe all you need is Michael's solution. But take into account that with jails, you have great flexibility regarding the application you install for a particular client. And all the security that a jail system can offer, plus a fantastic way of managing your backups.

I personally run a jail-based VPS server, based on FreeBSD 6.0, with 13 jails at the moment. It's a dual Xeon, with 4GB RAM, and RAID 5 SCSI HDs. I have 355 MB RAM active, 1525 inactive and 1679 MB RAM are free. I intend to run a maximum of 50 jails on this server. And until now, nothing seems to oppose my plans.

Beware of one thing with jails, though: a bug in FreeBSD does not permit a clean shutdown of jails. But trust me: you never need to!

Hope this helps, and keep us informed of your choice.

Philippe Lang

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Jahilliya
Sent: Tuesday, 9 May 2006 14:48
To: Michael Grant
Cc: freebsd-questions@freebsd.org
Subject: Re: jails or chroot?

On 5/9/06, Michael Grant <[EMAIL PROTECTED]> wrote:
>
> I host a bunch of websites on my box. Recently I had some problems
> with file access problems with php which caused me to look into
> putting each of my clients into their own jail or chroot. I have
> roughly 100 different domains I'd need to split.
>
> Has anyone done this for more than a handful of clients? Using
> apache and their "mass virtual hosting", 100 domains is a breeze. But
> with a jail or chroot, I need a separate apache process for each
> domain. This is going to mean hundreds of apache processes. This
> seems unreasonable.

Agreed that creating hundreds of chroots or jails would be an administrative nightmare.

File access can be solved with suexec (compile apache with suexec enabled), this means that for each virtual host entry in your apache config you add User and Group (check http://httpd.apache.org/docs/2.2/suexec.html or your apache version doc set). This will make each apache process run as the user specified in virtual host entry (not www) allowing you to restrict their access to files with filesystem ACLs and even ugidfw. You could also then set up process/memory restrictions in /etc/login.conf.

It will also make updating pretty much as standard as it is now.

Give it a burl if it sounds like what you need.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"