Welcome back for another episode of the ABC's of NSM.  What's NSM you say?  We'll go with Network and System Management, but you could throw Security in there as well.  We'll work our way through the alphabet over the next several weeks looking at tools and abc_2_4concepts along the way for all the administrators out there.  By the way, you can thank Joe for the format & Don for the title (I  couldn't for the life of me come up with one.)   

Today's letter J is for Jail.  Actually, the *nix command is chroot, but it has long been affectionately called a jail as the point of the command is to imprison an application so as to protect the larger operating system from any naughty behavior by outsiders.  Once an application has been jailed in its own virtual root directory, it cannot access or list anything lower in the file system hierarchy.  If you're interested in how to configure a jail for apache, there's a nice overview here

To Jail or not to Jail?  If the application is fairly compact, doesn't stretch its tentacles too far, and can run efficiently as a non-root user, then it can probably be housed successfully in a jail.  Keep in mind any directories or files required by the application will need to be copied to the jail, so the more files and directories required, the more complex the scenario is and therefore by nature less secure.

 

Follow me on Twitter Follow me on LinkedIn Follow me on Facebook