FreeBSD jail is kind of chrooted, kernel buildin advanced funciton to create several environments in one operating system. All those environments are using the same kernel – but have they own IP spaces, disk space, users and application. By desing host users (root) can access disk space utilized by the jail, but the oposite is not the case. Also jailed environment cannot access processes running in the host system – but rather can see just they own processes. <\/p>\n\n\n\n
Description of FreeBSD jail for samba purpose in this article will be fairly easy. Thanks to hard work of freebsd developers there are just few steps to configure and run FBSD jail. Of course, more advanced configuration means more complicated. But, let’s start with something simple. <\/p>\n\n\n\n
We will use three technologies to do this configuration:<\/p>\n\n\n\n
First of all, update your FreeBSD using the following command:<\/p>\n\n\n\n
Install ezjail (command necessary to install and manage our jail):<\/p>\n\n\n\n Add the following to the \/etc\/rc.conf<\/p>\n\n\n\n Next, lets download our environment:<\/p>\n\n\n\n Where -p paramteres determine to use portsnap to fetch and extract FreeBSD port tree from portsnap. Above commands create template-like directory structure that is used to create new jails. <\/p>\n\n\n\n Verify you network configuration using ifconfig command. You should see your active network card and lo interface. Restart network settings (with our changes in \/etc\/rc.conf file) to create lo1 interface:<\/p>\n\n\n\n You should see that system has created clone interface, and ifconfig should show it.<\/p>\n\n\n\n Lets create our samba jail (customize IP addr to your environment):<\/p>\n\n\n\n If you want to use “local” directory inside jail environment the easest way will be to bind directory from host system to jailed by adding the following line to \/etc\/fstab in host system (modify it as you like):<\/p>\n\n\n\n Check your environment, start it and get access to the console:<\/p>\n\n\n\n Create\/update your \/etc\/hosts (by adding 127.0.1.1 localhost) and \/etc\/resolv.conf (by adding ie nameserver 8.8.8.8).<\/p>\n\n\n\n Install jail samba package:<\/p>\n\n\n\n Edit and configure samba according to your needs. Simple configuration:<\/p>\n\n\n\n Also create samba user:<\/p>\n\n\n\n Run and verify samba process status:<\/p>\n\n\n\n Samba should now run and be ready to use from the other servers. Verify and adjust configuration to fit your needs. <\/p>\n","protected":false},"excerpt":{"rendered":" FreeBSD jail is kind of chrooted, kernel buildin advanced funciton to create several environments in one operating system. All those environments are using the same kernel – but have they own IP spaces, disk space, users and application. By desing host users (root) can access disk space utilized by the … <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-946","post","type-post","status-publish","format-standard","hentry","category-freebsd"],"_links":{"self":[{"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/posts\/946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/comments?post=946"}],"version-history":[{"count":10,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/posts\/946\/revisions"}],"predecessor-version":[{"id":956,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/posts\/946\/revisions\/956"}],"wp:attachment":[{"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/media?parent=946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/categories?post=946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/tags?post=946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}freebsd-update fetch update
pkg update
pkg upgrade<\/code><\/p>\n\n\n\npkg install ezjail<\/code><\/p>\n\n\n\nezjail_enable=\"YES\"
cloned_interfaces=\"lo1\"<\/code><\/p>\n\n\n\nezjail-admin install<\/code>ezjail-admin update -p<\/code><\/p>\n\n\n\nservice netif cloneup
ifconfig<\/code><\/p>\n\n\n\nezjail-admin create samba01 'lo1|127.0.1.1,em0|192.168.10.157'<\/code><\/p>\n\n\n\n\/host-jailshare \/usr\/jails\/samba01\/data nullfs rw 0 0<\/code><\/p>\n\n\n\nezjail-admin list
ezjail-admin start samba01
ezjail-admin console samba01<\/code><\/p>\n\n\n\npkg install samba413<\/code><\/p>\n\n\n\nroot@samba01:~ # cat \/usr\/local\/etc\/smb4.conf
[global]
interfaces = 192.168.10.157
bind interfaces only = yes
remote announce = 192.168.10.255
map to guest = bad user
[data]
comment = data on fbsd samba server
path = \/data
read only = no
guest ok = yes
valid users = smbuser
writable = yes
browseable = yes<\/code><\/p>\n\n\n\nadduser smbuser
smbpasswd -a smbuser<\/code><\/p>\n\n\n\nservice samba_server start
service samba_server status<\/code><\/p>\n\n\n\n
As promised, simple and fast configuraiton. If you want to have more secure\/advanced configuration I can recommend the following:<\/p>\n\n\n\n