Freebsd.ConfigureJailEnvironment r1.2 - 19 May 2004 - 15:16 - KirkStrauser


Your new JailEnvironment will probably start and run, unmodified, after following the steps in BuildAndUpdateJails. You'll still need to tweak a few settings to make your new system feel at home.

Note that I do not receive mail in any of my jails. If you're running a hosting provider, you'll need to adjust these settings accordingly.

/etc/make.conf

I'd suggest copying the host environment's /etc/make.conf into the jail, since most of the settings will still apply. Two useful additions are:

SENDMAIL_MC=/etc/mail/jailenvironment.domain.com.mc
WRKDIRPREFIX=/var/tmp

The first line follows LocalSendmailConfiguration practices. When the jail's admin runs make install in /etc/mail, the Makefile looks for a file by that name. If one doesn't exist, it copies /etc/mail/freebsd.mc to a new file with that name, then uses that file to build the configuration. However, at some point (probably right after following the instructions in BuildAndUpdateJails), you'll ChRoot to this jail's filesystem to do a bit of maintenance. If you happen to run make install then, the Makefile will see a different system hostname than it would from inside the jail, and will look for /etc/mail/hostenvironment.domain.com.mc. Since that file doesn't exist, it will use freebsd.mc (the default file) to generate sendmail.cf, and will completely ignore any local customizations. Just hardcode this value and forget about it - it'll pay off later.

The second line tells the PortsCollection to build programs under /var/tmp instead of under /usr/ports. This is handy if you mount /usr/ports as a read-only filesystem inside the jail, for example if you want to use NFS to replicate /usr/ports to many separate JailEnvironments without wasting n copies of that drive space.
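
The hostname mismatch described above can be checked from the host before anyone runs make install in a chroot. This is an added example, not part of the original page or of FreeBSD's Makefile; the function names are made up here, the jail root and hostnames are arguments you supply, and it assumes make.conf uses plain VAR=value lines.

```sh
#!/bin/sh
# Added example: run on the host against a jail's root directory.
# Function names are hypothetical; paths and hostnames come from the caller.

# Value of VAR in a make.conf-style file (plain VAR=value lines; last one wins).
conf_get() {
    [ -f "$1" ] || return 0
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Which .mc file the build would use under jail root $1 when make sees hostname $2.
# Mirrors the behaviour described above: SENDMAIL_MC if set, else /etc/mail/<hostname>.mc.
mc_path() {
    mc=$(conf_get "$1/etc/make.conf" SENDMAIL_MC)
    echo "${mc:-/etc/mail/$2.mc}"
}

# check_jail ROOT JAIL_HOSTNAME HOST_HOSTNAME
# Returns 0 only when a chroot build and an in-jail build use the same, existing .mc.
check_jail() {
    root=$1; rc=0
    in_jail=$(mc_path "$root" "$2")
    in_chroot=$(mc_path "$root" "$3")
    if [ "$in_jail" != "$in_chroot" ]; then
        echo "FAIL: chroot build would use $in_chroot, jail build $in_jail"
        rc=1
    fi
    if [ ! -f "$root$in_chroot" ]; then
        echo "FAIL: $in_chroot missing; it would be created from the default freebsd.mc"
        rc=1
    fi
    if [ -z "$(conf_get "$root/etc/make.conf" WRKDIRPREFIX)" ]; then
        echo "WARN: WRKDIRPREFIX unset; ports will build under /usr/ports"
    fi
    return $rc
}

# Typical call, after sourcing this file on the host:
#   check_jail <jail root> <jail hostname> "$(hostname)"
```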

/etc/rc.conf

# Use a secure connection to administer the jail
sshd_enable="YES"

inetd_enable="YES"
nisdomainname="NO"

# Run syslogd locally
syslogd_enable="YES"
syslogd_flags="-a 127.0.0.1/8"

# Turn on connection logging
inetd_flags="-wWl"

# Only allow outgoing email
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="YES"  # Dequeue stuck mail (YES/NO).
sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only)
sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO).
sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m" # Flags for sendmail_msp_queue daemon.

# Not appropriate for jails
tcp_keepalive="NO"
tcp_extensions="NO"

LocalSendmailConfiguration:

-dnl define(`SMART_HOST', `your.isp.mail.server')
+define(`SMART_HOST', `hostenvironment.domain.com')
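
Review bot: The added SMART_HOST line gives the relay as a bare hostname, so sendmail will look up MX records for hostenvironment.domain.com before connecting; if the jail should always hand mail directly to the host environment, write the value in square brackets, as [hostenvironment.domain.com]. The snippet also does not name the file being edited. Given the SENDMAIL_MC setting earlier on the page that is presumably /etc/mail/jailenvironment.domain.com.mc, and saying so would keep the change from being applied to freebsd.mc by mistake.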

-- KirkStrauser - 19 May 2004

