Subject: Re: Implementing jail
To: None <tech-kern@netbsd.org>
From: Matthew Mondor <mmondor@gobot.ca>
List: tech-kern
Date: 12/15/2002 20:20:27
On Sun, Dec 15, 2002 at 04:17:15PM +0100, Martin Husemann wrote:

> Well, you are aware that you do not need the jail functionality for a virtual
> server? A few interface aliases, proper apache configuration and maybe
> chroot'd ssh acounts will do what you want. The jail just adds a tiny piece
> of security for the case where the virtual clients have root access.

I agree, there is even more and more software which can work with virtual
users now, (unfortunately I did not see an sshd implementation of this
however). But this works well for SMTP/POP3/IMAP and HTTP, FTP already..
Moreover there is such software which can run entirely as an unprivileged
user now...

Matt