The doc that Weaseal posted can also be done easily using ezjail (in the ports tree as sysutils/ezjail). Personally, I have just about everything jailed on my system (the base system is just that pretty much). Apache is in a jail, MySQL is in a jail, PostgreSQL in a jail, vsftpd is in a jail, and even "shell services" in a jail. I make use of mount_nullfs when absolutely necessary (for example, on shell server, ~/public_html is a softlink to /www/<username> in the jail system, and that FS is mount_nullfs to the WWW jail so that userdirs still display from the webserver... I know it's not perfect, but it's a good option without giving everybody access to the web server).
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident!
|