Thread: Jail How To:
#4
Old 17th May 2011
sharris
Package Pilot
 
Join Date: Jun 2010
Posts: 146

Yes nilsgecko, thanks to all the work many people have done around the world to show most of the puzzle, but I don't know why things are so complicated by the many ways of doing jail. Even ez-jail seems complicated because it talks about flavors but doesn't tell me it creates a full jail and not a tiny service jail. I found that info elsewhere last night, after a year of wondering (it comes nothing close to what's in the handbook).

That's why I feared doing anything until now. I learned dd'ing for nearly anything fairly well. Now I simply replace that tiny 40GB partition in under 15 minutes with AMD64. I do that under an Arch install on a tiny (1035MB) extended-5 partition and save it on a gigantic extended-8 ext2 and extended-9 FAT32, just because it costs me nothing to <cp -prv> it to the FAT32 partition or the reverse. I copy the best to a flash stick and pocket it. You can rob me of my money, you can take my ugly wife and ALL my spoiled kids .. but if you take my flash stick, I can only promise you this:

http://www.youtube.com/watch?v=awskKWzjlhk

That's why it's only 40GB on a 1TB HDD. I have 2 more big primary partitions next to FreeBSD in waiting. If things go well I simply <newfs -U /dev/ad4s2> and use that for more space for whatever, and/or more jails... cool planning, eh!

But still it makes no sense with all of these complicated ways to do jail when all you have to do is this, then carefully gut the mroot down to size manually and remove certain libraries and BSD programs ... (if a hacker enters, he'll be pissed off that he has no tools to work with.. he'll have to go home and make some noise just to bring some back with him, or the reverse). heehee

Anyway, now you also delete those empty directories in the share and everywhere else except /var, if any. Now you have fewer places for the hacker to hide his sh^t, just in case you missed that 200MB worth of network noise.

Keep this as your template and use cpdup to copy it elsewhere, where you add your needed service for each. I even found a better way for free. It's about simply changing permissions and resetting them once moved. I've been wanting to do this from day 1. Now I know it can be done and you get <fsck> defrag of 0 for free, just like I thought. This was my biggest dream and it's about to come true. We all have our trips. This was mine and very few others', according to Google.

Big deal about more disk space wasted per jail. This is not the tiny 80x4 MB HDD most docs were written for back in the '80s and '90s. Heck, I bet your jail template can be as small as 35MB-100MB if you gut it properly, but no one tells you that on the net. I think Apache only needs libc and FreeBSD's fantastic network stack-plus. I want as much total jail independence as possible, and who cares about 10MB-100MB of memory wasted each. 4 - 8 GB of RAM is standard these days. .. with 4GB you can get up to one million static connections for web-page viewing. A full install of FreeBSD itself only uses under 10MB of RAM and 2% of CPU, (but don't ask, your answer may be "WHY?" THE-END again.)

# cd /usr/src
# make buildworld
# make installworld

Now to the Good Part:
Out of all the complicated ways I found while googling that scared the life out of me all year long, I really like what this guy is talking about, and he chose the old-fashioned FreeBSD way, but he leaves out no important details that the user is concerned about. I found it yesterday .. I'll be trying it tomorrow after I get this jail of jails gutted, cleaned up and tucked away (dd'd and saved).

But now we've got jail2. Maybe that's why the easy way works, but nobody ever goes into details but this guy, Mr. Kris Zentner. It's like a one-on-one conversation with words to live by.

http://www.section6.net/wiki/index.p...a_FreeBSD_Jail

I'm usually speculating as I spit out my ideas. If all is well, cool, but if I am wrong I need to be told. Time to go to work. I'll take my time so I can do it right the first time, especially just to remember until I find the best way and WHY. Bottom line, there had better be a reason.

Bye

Last edited by sharris; 17th May 2011 at 04:59 AM.
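The procedure the post sketches (build world once, install it into a template root, gut the template, drop empty directories except /var, then cpdup the template for each service jail) written out as one script. This is an added example, not code from the post, from ezjail or from the section6 wiki page; the paths (/usr/src, /usr/jails), the list of tools removed in the gutting step, the use of DESTDIR with installworld/distribution, and the jail.conf(5) stanza are all assumptions for a current FreeBSD and should be adjusted to your own layout.

```shell
#!/bin/sh
# Added example (not the post's code): one gutted FreeBSD jail template,
# cloned per service with cpdup. SRC, JAILS, the removal list and the
# jail.conf layout are assumptions.
set -eu

SRC=${SRC:-/usr/src}
JAILS=${JAILS:-/usr/jails}
TEMPLATE=$JAILS/template

# 1. Build world once; install it into DESTDIR (the template), not the host.
#    "make distribution" populates /etc inside the template.
build_template() {
    make -C "$SRC" buildworld
    make -C "$SRC" installworld DESTDIR="$TEMPLATE"
    make -C "$SRC" distribution DESTDIR="$TEMPLATE"
}

# 2. Gut it: remove tools an intruder would reach for. The caller supplies the
#    list (relative paths). Run ldd(1) on the daemon you will add before
#    deleting any libraries it depends on.
gut_template() {
    root=$1; shift
    for rel in "$@"; do
        case $rel in
            ''|/*|*..*) echo "refusing suspicious path: $rel" >&2; return 1 ;;
        esac
        rm -rf "$root/$rel"
    done
}

# 3. Remove now-empty directories everywhere except /var, so there are fewer
#    places to stash files. -depth visits children before parents and rmdir
#    runs per entry, so a directory emptied during the walk goes on the same pass.
prune_empty_dirs() {
    root=$1
    find "$root" -depth -mindepth 1 -type d -empty \
        ! -path "$root/var" ! -path "$root/var/*" \
        -exec rmdir {} \;
}

# 4. Clone the template for one service jail.
clone_jail() {
    cpdup "$TEMPLATE" "$JAILS/$1"
}

# 5. Emit a jail.conf(5) stanza for the clone (assumed FreeBSD 9.1+ syntax).
jail_conf_stanza() {
    name=$1 ip=$2
    printf '%s {\n' "$name"
    printf '    path = "%s";\n' "$JAILS/$name"
    printf '    host.hostname = "%s";\n' "$name"
    printf '    ip4.addr = %s;\n' "$ip"
    printf '    exec.start = "/bin/sh /etc/rc";\n'
    printf '    exec.stop = "/bin/sh /etc/rc.shutdown";\n'
    printf '    mount.devfs;\n'
    printf '}\n'
}

# The full run needs a FreeBSD source tree, so it only happens on request:
#   sh jail-template.sh build
if [ "${1:-}" = build ]; then
    build_template
    # assumed starting list: toolchain, debugger, download/network clients, sources
    gut_template "$TEMPLATE" usr/bin/cc usr/bin/c++ usr/bin/ld usr/bin/as \
        usr/bin/gdb usr/bin/fetch usr/bin/telnet usr/bin/nc \
        usr/include usr/share/doc usr/share/examples usr/src usr/obj
    prune_empty_dirs "$TEMPLATE"
    clone_jail www
    jail_conf_stanza www 192.0.2.10 >> /etc/jail.conf
fi
```

The gutting list is deliberately an argument rather than hard-coded: what you can remove depends on the one service the jail will run, so check that service's shared-library needs with ldd before cutting libraries, and keep /var untouched since rc scripts and daemons expect its subdirectories.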