Security related Jail property settings

Louis2

Hello,

I am new to jails and... there are a lot of options when creating jails. Most interesting for me right now are the security-related settings.

It starts with the creation of the jail. IMHO something normally done by root. However, are the permissions of that person (root in this example) to a certain extent inherited by the jail?

And then we have the host system, TrueNAS in this case, having user management. The question there is to what extent a jail has its own user management, or whether the host user management is at the same time also the jail's user management (something I can imagine given the fact that they share the same file system).

At the end we have at least three security roles:
1) the jail creator / maintainer (on jail level) ^root^
2) the jail content maintainer ^having limited root rights^
3) the programs running inside the jail ^having not more rights than strictly required^
4) some plugin user ^should only have minimal rights^

Then during installation a plugin creates a directory tree. And that tree should be accessible for root / content maintainer / running program.

Thinking this way I wonder what the impact is on e.g. the basic jail settings. I noticed settings like:
- exec_system_user
- exec_system_jail_user
- exec_jail_user
And trying to find the consequences of those settings, I noticed that the formal documentation does not give a more useful clarification than the help popup in the GUI... which is 'a bit vague'.

So if someone could explain this, or has links to good articles and/or examples

I would be glad

Louis2

Small update,

As most people will probably agree, it is not a good idea to run applications on a server or even a PC from a root/admin account.

So leaving the default "root" as "exec_system_user" and "exec_jail_user" is definitely not a good idea.

So what I did for the moment is:
- before creating the jail, I created a new group in favor of the jail to be created and
- I also created under users a new user being the jail owner (=> exec_system_user) and
- a user account for the applications running in the jail (=> exec_jail_user)
Both users are members of the "jail related group".

Then I created the jail from the root account.

I do not know if that is optimal and I will probably need to limit the rights of the described users, but for now IMHO it is far better than using the root account for "everything" jail related.
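An added example, not part of the posts above and not TrueNAS or iocage code: a small audit of the three `exec_*` properties the thread asks about, based on their jail(8) meanings (`exec.system_user` runs the host-side exec commands, `exec.jail_user` runs the in-jail ones, and `exec.system_jail_user` makes the jail user be looked up in the host's passwd file instead of the jail's). The `key:value` input shape, the `root` defaults for unset properties, and the jail and user names are assumptions for illustration.

```python
# Added example: flag jails whose exec_* properties still run things as root.
# Assumption: properties arrive as one "key:value" per line (a property dump).

TRUE = {"1", "on", "yes", "true"}
DEFAULTS = {  # assumed defaults; the thread reports "root" as the default user
    "exec_system_user": "root",
    "exec_jail_user": "root",
    "exec_system_jail_user": "0",
}

def parse_props(text):
    """Parse 'key:value' lines into a dict, skipping blank or malformed lines."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of findings for one jail; unset properties use DEFAULTS."""
    p = {**DEFAULTS, **props}
    findings = []
    if p["exec_system_user"] == "root":
        findings.append("exec_system_user is root: host-side exec commands run as root")
    if p["exec_jail_user"] == "root":
        findings.append("exec_jail_user is root: in-jail exec commands run as root")
    if p["exec_system_jail_user"].lower() in TRUE:
        findings.append("exec_system_jail_user is set: exec_jail_user is resolved "
                        "in the host passwd file, not the jail's")
    return findings

# Constructed samples, not taken from a real system.
DEFAULT_JAIL = "host_hostname:media\nboot:1\n"          # exec_* left unset
HARDENED_JAIL = """exec_system_user:jailowner
exec_jail_user:jailapp
exec_system_jail_user:0
"""

if __name__ == "__main__":
    for name, dump in (("default", DEFAULT_JAIL), ("hardened", HARDENED_JAIL)):
        result = audit(parse_props(dump))
        print(name, "->", result or "no findings")
```

The third finding is informational rather than a fault: it tells you which passwd file has to contain the account named in `exec_jail_user`.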