--7CZp05NP8/gJM8Cl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2004-05-18 14:41 +1000, Norberto Meijome <[email protected]> wrote: > Richard Coleman wrote: >=20 > >Using a chroot or a jail is the way to go if possible. If you can't use= =20 > >that, then unix permissions or ACL's is the next bet. Restricting=20 > >commands is the most fragile solution since in many cases it can be=20 > >subverted. >=20 > Excuse my ignorance, could you quickly tell me the difference (or point= =20 > me to a good reference article/book) between chroot + jail? > is it that a jail is always chrooted but not the other way around? > is a jail more encompassing than chroot only? If you had typed "freebsd jail" into Google, this paper would have been the first of several hundred useful links. The answer to your question is in its introduction. http://docs.freebsd.org/44doc/papers/jail/jail.html Greg --=20 Gregory S. Sutter Was Jimi's modem a Purple Hayes? mailto:[email protected]=20 http://zer0.org/~gsutter/=20 --7CZp05NP8/gJM8Cl Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- iD8DBQFAqcrPIBUx1YRd/t0RAjBVAKCK7VHyRRiOu/9OAS2Pw7kW8wXp+wCfegz6 oAfwPZEqXodpUSJzc64kD54= =GL/a -----END PGP SIGNATURE----- --7CZp05NP8/gJM8Cl--