> I've been having fun playing with jails on my home server. There's one > for databases, one for a webserver, another for using as a play shell > server, etc. We use jails heavily at work for encapsulating services, > and I can make a pretty good argument there for doing so. In general, > though, do you see jails as particularly important or useful when not in > a hosting environment where you're giving root access to an untrusted > party? How far do you go toward segregating services? Theoretically, you > could have a jail per daemon, but it seems like down that path lies > madness. > -- > Kirk Strauser
For home machine, I don't use any jails. All services run on host system. Not in a "hosting" environment with zero "untrusted" users, I still use 'jail'. I can always build 'newjail' duplicate services on it, test, and very quick switch from 'oldjail' to 'newjail' when all tests come back clean. Gives me a lot more room to play around/break things without effecting running services. Try not to have any services on the host system to keep it completely clean, easy upgrade as I can wipe the OS out [or move HD to new server], reinstall, mount the jails/zfs and have a running system in minutes. ]Peter[ _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"