1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
|
<?xml version="1.0" encoding="ISO-8859-7" standalone="no"?>
<!--
Ôï Åã÷åéñßäéï ôïõ FreeBSD: Jails
The FreeBSD Greek Documentation Project
$FreeBSD$
%SOURCE% en_US.ISO8859-1/books/handbook/jails/chapter.sgml
%SRCID% 38826
-->
<chapter id="jails">
<chapterinfo>
<authorgroup>
<author>
<firstname>Matteo</firstname>
<surname>Riondato</surname>
<contrib>ÓõíåéóöïñÜ áðü ôïí </contrib>
</author>
</authorgroup>
</chapterinfo>
<title>Jails</title>
<indexterm><primary>jails</primary></indexterm>
<sect1 id="jails-synopsis">
<title>Óýíïøç</title>
<para>Ôï êåöÜëáéï áõôü åîçãåß ôé åßíáé ôá jails (öõëáêÝò) ôïõ &os; êáé
ðùò ÷ñçóéìïðïéïýíôáé. Ôá jails, ðïõ áíáöÝñïíôáé ïñéóìÝíåò öïñÝò óáí
ìéá åíéó÷õìÝíç åíáëëáêôéêÞ ëýóç ãéá
<emphasis>ðåñéâÜëëïíôá chroot</emphasis>, åßíáé Ýíá éó÷õñü åñãáëåßï ãéá
äéá÷åéñéóôÝò óõóôçìÜôùí, áëëÜ ç âáóéêÞ ôïõò ÷ñÞóç ìðïñåß åðßóçò íá
åßíáé ÷ñÞóéìç óå ðñï÷ùñçìÝíïõò ÷ñÞóôåò.</para>
<para>Áöïý äéáâÜóåôå áõôü ôï êåöÜëáéï, èá îÝñåôå:</para>
<itemizedlist>
<listitem>
<para>Ôé åßíáé Ýíá jail êáé ôé óêïðü ìðïñåß íá åîõðçñåôÞóåé óå
åãêáôáóôÜóåéò &os;.</para>
</listitem>
<listitem>
<para>Ðùò íá öôéÜîåôå, íá åêêéíÞóåôå, êáé íá óôáìáôÞóåôå Ýíá
jail.</para>
</listitem>
<listitem>
<para>Ôá âáóéêÜ ôçò äéá÷åßñéóçò åíüò jail, ôüóï ìÝóá, üóï êáé Ýîù
áðü áõôü.</para>
</listitem>
</itemizedlist>
<para>¶ëëåò ðçãÝò ÷ñÞóéìùí ðëçñïöïñéþí ó÷åôéêÜ ìå ôá jails åßíáé:</para>
<itemizedlist>
<listitem>
<para>Ç óåëßäá manual ôïõ &man.jail.8;. ÐåñéÝ÷åé ðëÞñç áíáöïñÜ
ôïõ âïçèçôéêïý ðñïãñÜììáôïò <command>jail</command> —
ôïõ äéá÷åéñéóôéêïý åñãáëåßïõ ðïõ ìðïñåß íá ÷ñçóéìïðïéçèåß óôï &os;
ãéá ôçí åêêßíçóç, äéáêïðÞ, êáé Ýëåã÷ï ôùí jails.</para>
</listitem>
<listitem>
<para>Ïé ëßóôåò ôá÷õäñïìåßïõ êáé ôá áñ÷åßá ôïõò. Ôá áñ÷åßá áðü ôçí
&a.questions; êáé Üëëåò ëßóôåò ðïõ åîõðçñåôïýíôáé áðü ôïí
&a.mailman.lists; ðåñéÝ÷ïõí ðëÞñç ïäçãü ãéá ôá jails. Åßíáé ðÜíôïôå
åíäéáöÝñïí íá øÜ÷íåôå ôá áñ÷åßá Þ íá äçìïóéåýåôå íÝåò åñùôÞóåéò
óôç ëßóôá &a.questions.name;.</para>
</listitem>
</itemizedlist>
</sect1>
<sect1 id="jails-terms">
<title>¼ñïé ôùí Jails</title>
<para>Ãéá íá êáôáíïÞóåôå êáëýôåñá ôï ðùò ïé åóùôåñéêÝò ëåéôïõñãßåò ôïõ
&os; ó÷åôßæïíôáé ìå ôá jails êáé ðùò áõôÝò áëëçëåðéäñïýí ìå ôá õðüëïéðá
ìÝñç ôïõ &os;, èá ÷ñçóéìïðïéÞóïõìå åêôåíþò ôïõò ðáñáêÜôù üñïõò:</para>
<variablelist>
<varlistentry>
<term>&man.chroot.8; (åíôïëÞ)</term>
<listitem>
<para>¸íá âïçèçôéêü ðñüãñáììá, ôï ïðïßï ÷ñçóéìïðïéåß ôçí êëÞóç
óõóôÞìáôïò &man.chroot.2; ôïõ &os; ãéá íá áëëÜîåé
ôïí ãïíéêü êáôÜëïãï (root directory) ìéáò äéåñãáóßáò êáé üëùí ôùí
Üëëùí äéåñãáóéþí ðïõ åîáñôþíôáé áðü áõôÞ.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&man.chroot.2; (ðåñéâÜëëïí)</term>
<listitem>
<para>Ôï ðåñéâÜëëïí ìéá äéåñãáóßáò ðïõ ôñÝ÷åé ìÝóá óå Ýíá
<quote>chroot</quote>. Áõôü ðåñéëáìâÜíåé ðüñïõò üðùò ôï ôìÞìá
ôïõ óõóôÞìáôïò áñ÷åßùí ðïõ åßíáé ïñáôü, ôá ID ôïõ ÷ñÞóôç êáé ôçò
ïìÜäáò ðïõ åßíáé äéáèÝóéìá, êáèþò êáé ôéò äéåðáöÝò äéêôýïõ
(network interfaces), ôïõò ìç÷áíéóìïýò IPC êëð.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&man.jail.8; (åíôïëÞ)</term>
<listitem>
<para>Ôï ðñüãñáììá ðïõ óáò åðéôñÝðåé íá äéá÷åéñßæåóôå ôï óýóôçìá
óáò êáé íá îåêéíÜôå äéåñãáóßåò óå ðåñéâÜëëïí jail.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>host (óýóôçìá (system), äéåñãáóßá (process), ÷ñÞóôçò (user),
êëð.)</term>
<listitem>
<para>Ôï öõóéêü óýóôçìá ðïõ öéëïîåíåß êáé åëÝã÷åé Ýíá ðåñéâÜëëïí
jail. Ôï host system Ý÷åé ðñüóâáóç óå üëï ôï äéáèÝóéìï õëéêü,
êáé ìðïñåß íá åëÝãîåé äéåñãáóßåò ôüóï ìÝóá üóï êáé Ýîù áðü ôï
ðåñéâÜëëïí ôïõ jail. Ìßá áðü ôéò óçìáíôéêüôåñåò äéáöïñÝò ìåôáîý
ôïõ host system êáé ôïõ jail åßíáé üôé ïé ðåñéïñéóìïß ðïõ
åöáñìüæïíôáé óôéò äéåñãáóßåò ôïõ ÷ñÞóôç root ìÝóá óôï ðåñéâÜëëïí
jail, äåí éó÷ýïõí ãéá ôéò äéåñãáóßåò óôï host system.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>hosted (óýóôçìá (system), äéåñãáóßá (process), ÷ñÞóôçò (user),
êëð.)</term>
<listitem>
<para>Ìéá äéåñãáóßá, Ýíáò ÷ñÞóôçò Þ êÜðïéá Üëëç ïíôüôçôá, ôïõ
ïðïßïõ ç ðñüóâáóç óôïõò ðüñïõò ôïõ óõóôÞìáôïò ðåñéïñßæåôáé ìÝóá
áðü Ýíá jail.</para>
</listitem>
</varlistentry>
</variablelist>
</sect1>
<sect1 id="jails-intro">
<title>ÅéóáãùãÞ</title>
<para>Ìéá êáé ç äéá÷åßñéóç åíüò óõóôÞìáôïò ìðïñåß íá åßíáé äýóêïëç êáé
ðåñßðëïêç, áíáðôý÷èçêáí áñêåôÜ åñãáëåßá ôá ïðïßá ìðïñïýí íá êÜíïõí ôç
æùÞ åíüò äéá÷åéñéóôÞ ðïëý ðéï åýêïëç. Ôá åñãáëåßá áõôÜ ðñïóöÝñïõí
êÜðïéåò ðñüóèåôåò äõíáôüôçôåò üóï áöïñÜ ôïí ôñüðï åãêáôÜóôáóçò,
ñýèìéóçò êáé óõíôÞñçóçò åíüò óõóôÞìáôïò. Ìéá áðü ôéò åñãáóßåò ðïõ
áíáìÝíåôáé íá åêôåëÝóåé êÜèå äéá÷åéñéóôÞò óõóôÞìáôïò, åßíáé íá ñõèìßóåé
óùóôÜ ôçí áóöÜëåéá ôïõ óõóôÞìáôïò, ðñïêåéìÝíïõ íá ðñïóöÝñåé ôéò
õðçñåóßåò ãéá ôéò ïðïßåò Ý÷åé ðñïãñáììáôéóôåß, ÷ùñßò íá åðéôñÝðåé
óõìâéâáóìïýò óôçí áóöÜëåéá.</para>
<para>¸íá áðü ôá åñãáëåßá ðïõ ìðïñïýí íá åíéó÷ýóïõí ôçí áóöÜëåéá åíüò
óõóôÞìáôïò &os; åßíáé ôá <emphasis>jails</emphasis>. Ôá Jails
ðñùôïåìöáíßóôçêáí óôï &os; 4.X áðü ôïí &a.phk;, áëëÜ âåëôéþèçêáí
ðïëý ðåñéóóüôåñï óôçí Ýêäïóç &os; 5.X, ðñïêåéìÝíïõ íá ðñïóöÝñïõí
ðåñéóóüôåñåò äõíáôüôçôåò êáé íá åßíáé ðåñéóóüôåñï åõÝëéêôá. Ç áíÜðôõîÞ
ôïõò óõíå÷ßæåôáé áêüìç, ìå âåëôéþóåéò óôïõò ôïìåßò ôçò åõ÷ñçóôßáò, ôçò
áðüäïóçò, ôçò áîéïðéóôßáò êáé ôçò áóöÜëåéáò ðïõ ðñÝðåé íá
ðáñÝ÷ïõí.</para>
<sect2 id="jails-what">
<title>Ôé Åßíáé ¸íá Jail</title>
<para>Ôá ëåéôïõñãéêÜ óõóôÞìáôá ôýðïõ BSD, ðáñåß÷áí ôï &man.chroot.2; áðü
ôçí åðï÷Þ ôïõ 4.2BSD. Ç åíôïëÞ &man.chroot.8; ìðïñåß íá
÷ñçóéìïðïéçèåß ãéá íá áëëÜîåé ôïí ãïíéêü êáôÜëïãï ìéáò ïìÜäáò
äéåñãáóéþí, äçìéïõñãþíôáò Ýíá áóöáëÝò ðåñéâÜëëïí, îå÷ùñéóôü áðü ôï
õðüëïéðï óýóôçìá. ¼óåò äéåñãáóßåò äçìéïõñãïýíôáé óå Ýíáí ôÝôïéï
ðåñéâÜëëïí, äåí Ý÷ïõí ðñüóâáóç óå áñ÷åßá êáé ðüñïõò Ýîù áðü áõôü.
Ãéá áõôü ôï ëüãï, áí ìéá õðçñåóßá ôñÝ÷åé ìÝóá óå Ýíá ôÝôïéï
ðåñéâÜëëïí, êáé êÜðïéïò åéóâïëÝáò êáôáöÝñåé íá äéåéóäýóåé óå áõôÞ, äå
èá ôïõ åðéôñáðåß ç ðñüóâáóç óôï õðüëïéðï óýóôçìá.
Ç åíôïëÞ &man.chroot.8; åßíáé ðïëý êáëÞ ãéá áðëÝò åñãáóßåò ïé ïðïßåò
äå ÷ñåéÜæïíôáé íá åßíáé ðïëý åõÝëéêôåò Þ íá äéáèÝôïõí ðïëýðëïêá êáé
ðñïçãìÝíá ÷áñáêôçñéóôéêÜ. Ùóôüóï, áðü ôçí áñ÷Þ ôçò éäÝáò ôïõ chroot,
âñÝèçêáí áñêåôïß ôñüðïé ãéá íá ìðïñÝóåé êÜðïéïò íá îåöýãåé áðü ôï
ðåñéâÜëëïí áõôü. Ðáñ' üëï ðïõ Ý÷ïõí äéïñèùèåß ðïëëÜ óöÜëìáôá óôéò
ðñüóöáôåò åêäüóåéò ôïõ ðõñÞíá ôïõ &os;, Þôáí îåêÜèáñï üôé ç
&man.chroot.2; äåí Þôáí ç éäáíéêÞ ëýóç ãéá ôçí áóöÜëéóç õðçñåóéþí.
¸ðñåðå íá õëïðïéçèåß Ýíá íÝï õðïóýóôçìá.</para>
<para>Áõôüò åßíáé Ýíáò áðü ôïõò êýñéïõò ëüãïõò ãéá ôçí áíÜðôõîç ôùí
<emphasis>jails</emphasis>.</para>
<para>Ôá jails âåëôßùóáí ìå äéÜöïñïõò ôñüðïõò ôçí éäÝá ôïõ ðáñáäïóéáêïý
ðåñéâÜëëïíôïò ôïõ &man.chroot.2;. Óôï ôõðéêü ðåñéâÜëëïí ôïõ
&man.chroot.2;, ïé äéåñãáóßåò ðåñéïñßæïíôáé ìüíïò ùò ðñïò ôï ìÝñïò
ôïõ óõóôÞìáôïò áñ÷åßùí üðïõ ìðïñïýí íá Ý÷ïõí ðñüóâáóç. Ïé õðüëïéðïé
ðüñïé ôïõ óõóôÞìáôïò (üðùò ïé ÷ñÞóôåò, ïé ôñÝ÷ïíôåò äéåñãáóßåò, ôï
õðïóýóôçìá äéêôýùóçò) åßíáé êïéíü÷ñçóôïé ìåôáîý ôùí äéåñãáóéþí ôïõ
ðåñéâÜëëïíôïò chroot êáé ôùí äéåñãáóéþí ôïõ host system. Ôá jails
åðåêôåßíïõí áõôü ôï ìïíôÝëï, ìå ôçí åéêïíéêïðïßçóç ü÷é ìüíï ôçò
ðñüóâáóçò óôï óýóôçìá áñ÷åßùí, áëëÜ åðßóçò ôùí ÷ñçóôþí, ôïõ
õðïóõóôÞìáôïò äéêôýùóçò ôïõ ðõñÞíá ôïõ &os; êáé ìåñéêþí áêüìç
ðñáãìÜôùí. Ðåñéóóüôåñá ãéá ôéò äéáèÝóéìåò åíôïëÝò ðïõ ìðïñïýí íá
÷ñçóéìïðïéçèïýí ãéá ôç ñýèìéóç êáé ôïí Ýëåã÷ï åíüò ðåñéâÜëëïíôïò jail
ìðïñåßôå íá âñåßôå óôï <xref linkend="jails-tuning"/>.</para>
<para>Ôï Jail Ý÷åé ôÝóóåñá êýñéá óôïé÷åßá:</para>
<itemizedlist>
<listitem>
<para>¸íáí êáôÜëïãï ìå äéêÞ ôïõ äïìÞ — ôï áñ÷éêü óçìåßï
óôï ïðïßï åéóÝñ÷åôáé Ýíá jail. Áðü ôç óôéãìÞ ðïõ ìéá äéåñãáóßá
âñßóêåôáé ìÝóá óå Ýíá jail, äåí åðéôñÝðåôáé íá âãåé Ýîù áðü ôïí
êáôÜëïãï áõôü. Ôá ðñïâëÞìáôá ðïõ ôáëáéðùñïýóáí ôïí ó÷åäéáóìü ôïõ
&man.chroot.2; äåí åðçñåÜæïõí ôá jails ôïõ &os;.</para>
</listitem>
<listitem>
<para>¸íá hostname (üíïìá óõóôÞìáôïò) — ôï hostname ôï ïðïßï
èá ÷ñçóéìïðïéçèåß ìÝóá óôï jail. Ôá jails ÷ñçóéìïðïéïýíôáé
êõñßùò ãéá ôçí åîõðçñÝôçóç äéêôõáêþí õðçñåóéþí,
åðïìÝíùò ç ýðáñîç åíüò ÷áñáêôçñéóôéêïý hostname ðïõ íá
ðåñéãñÜöåé ôáõôü÷ñïíá êáé ôç ÷ñÞóç ôïõ, ìðïñåß íá âïçèÞóåé áñêåôÜ
ôïí äéá÷åéñéóôÞ óõóôÞìáôïò.</para>
</listitem>
<listitem>
<para>Ìéá äéåýèõíóç <acronym>IP</acronym> — áõôÞ ç äéåýèõíóç
áíôéóôïé÷åß óå Ýíá jail êáé äåí ìðïñåß íá áëëÜîåé êáôÜ ôç
äéÜñêåéá ôçò æùÞò ôïõ. Ç äéåýèõíóç IP åíüò jail åßíáé óõíÞèùò
ìßá äéåýèõíóç ôýðïõ alias ãéá ìéá Þäç õðÜñ÷ïõóá äéåðáöÞ äéêôýïõ
(network interface), áëëÜ êÜôé ôÝôïéï äåí åßíáé áðáñáßôçôï.</para>
</listitem>
<listitem>
<para>Ìßá åíôïëÞ — ç äéáäñïìÞ ðñïò Ýíá åêôåëÝóéìï ôï ïðïßï èá
åêôåëåßôáé ìÝóá óôï jail. Ç äéáäñïìÞ áõôÞ åßíáé ó÷åôéêÞ ùò ðñïò
ôïí ãïíéêü êáôÜëïãï ôïõ ðåñéâÜëëïíôïò ôïõ jail, êáé ìðïñåß íá
äéáöÝñåé ðïëý áðü jail óå jail áíÜëïãá ìå ôï óõãêåêñéìÝíï
ðåñéâÜëëïí.</para>
</listitem>
</itemizedlist>
<para>Åêôüò áõôþí, ôá jails ìðïñïýí íá Ý÷ïõí ôéò äéêÝò ôïõò ïìÜäåò
÷ñçóôþí êáé ôïí äéêü ôïõò ÷ñÞóôç <username>root</username>. ÖõóéêÜ, ï
Ýëåã÷ïò ðïõ Ý÷åé ï ÷ñÞóôçò <username>root</username> ôïõ jail,
ðåñéïñßæåôáé ìÝóá óôï ðåñéâÜëëïí ôïõ jail, êáé áðü ôçí
ïðôéêÞ ãùíßá ôïõ host system, ï ÷ñÞóôçò áõôüò äåí åßíáé ðáíôïäýíáìïò.
ÅðéðëÝïí, ï ÷ñÞóôçò <username>root</username> ôïõ jail, äåí ìðïñåß
íá åêôåëÝóåé êñßóéìåò åñãáóßåò óôï óýóôçìá Ýîù áðü ôï ðåñéâÜëëïí ôïõ
&man.jail.8;. Ðåñéóóüôåñåò ðëçñïöïñßåò ó÷åôéêÜ ìå ôéò äõíáôüôçôåò êáé
ôïõò ðåñéïñéóìïýò ôïõ <username>root</username> èá âñåßôå óôï
<xref linkend="jails-tuning"/>.</para>
</sect2>
</sect1>
<sect1 id="jails-build">
<title>Äçìéïõñãþíôáò êáé ÅëÝã÷ïíôáò Jails</title>
<para>Ìåñéêïß äéá÷åéñéóôÝò óõóôçìÜôùí êáôçãïñéïðïéïýí ôá jails óå äýï
åíüôçôåò: ôá <quote>complete (ðëÞñç)</quote> jails, ôá ïðïßá ìéìïýíôáé
Ýíá ðñáãìáôéêü óýóôçìá &os;, êáé ôá <quote>service</quote> jails, ôá
ïðïßá ÷ñçóéìïðïéïýíôáé ãéá ìéá åöáñìïãÞ Þ õðçñåóßá, ðïõ ðéèáíüí
åêôåëåßôáé ìå åéäéêÜ ðñïíüìéá. Áõôüò åßíáé Ýíáò íïçôéêüò äéá÷ùñéóìüò
êáé äåí åðéäñÜ óôç äéáäéêáóßá äçìéïõñãßáò åíüò jail. Ç óåëßäá manual
ôïõ &man.jail.8; ðåñéÝ÷åé êáôáôïðéóôéêÝò ðëçñïöïñßåò ãéá ôç äéáäéêáóßá
äçìéïõñãßáò åíüò jail:</para>
<screen>&prompt.root; <userinput>setenv D <replaceable>/here/is/the/jail</replaceable></userinput>
&prompt.root; <userinput>mkdir -p $D</userinput> <co id="jailpath"/>
&prompt.root; <userinput>cd /usr/src</userinput>
&prompt.root; <userinput>make buildworld</userinput> <co id="jailbuildworld"/>
&prompt.root; <userinput>make installworld DESTDIR=$D</userinput> <co id="jailinstallworld"/>
&prompt.root; <userinput>make distribution DESTDIR=$D</userinput> <co id="jaildistrib"/>
&prompt.root; <userinput>mount -t devfs devfs $D/dev</userinput> <co id="jaildevfs"/></screen>
<calloutlist>
<callout arearefs="jailpath">
<para>Ï êáëýôåñïò ôñüðïò ãéá íá îåêéíÞóåôå åßíáé ìå ôçí åðéëïãÞ ìéáò
èÝóçò (äéáäñïìÞò) ãéá ôï jail óáò. Åêåß èá âñßóêïíôáé áðïèçêåõìÝíá
ôá áñ÷åßá ôïõ jail üóï áöïñÜ ôï óýóôçìá óáò. Ìéá êáëÞ éäÝá åßíáé
ôï <filename class="directory">/usr/jail/<replaceable>jailname</replaceable></filename>,
üðïõ <replaceable>jailname</replaceable> ôï hostname ìå ôï ïðïßï èá
áíáãíùñßæåôáé ôï jail. Ôï óýóôçìá áñ÷åßùí
<filename class="directory">/usr/</filename> Ý÷åé óõíÞèùò áñêåôü
÷þñï ãéá ôï óýóôçìá áñ÷åßùí ôïõ jail, ôï ïðïßï, ãéá Ýíá
<quote>complete</quote> jail åßíáé ïõóéáóôéêÜ
Ýíáò êëþíïò êÜèå áñ÷åßïõ ôïõ âáóéêïý óõóôÞìáôïò ìéá ðñïåðéëåãìÝíçò
åãêáôÜóôáóçò ôïõ &os;.</para>
</callout>
<callout arearefs="jailbuildworld">
<para>Ôï âÞìá áõôü äåí áðáéôåßôáé áí Ý÷åôå ìåôáãëùôôßóåé óôï ðáñåëèüí
ôï âáóéêü óýóôçìá ÷ñçóéìïðïéþíôáò ôçí åíôïëÞ
<command>make world</command> Þ
<command>make buildworld</command>. Ìðïñåßôå áðëþò íá
åãêáôáóôÞóåôå ôï õðÜñ÷ïí óýóôçìá óáò óôï íÝï jail.</para>
</callout>
<callout arearefs="jailinstallworld">
<para>Ç åíôïëÞ áõôÞ èá åìðëïõôßóåé ôïí êáôÜëïãï ðïõ åðéëÝîáôå ãéá ôï
jail ìå üëá ôá áðáñáßôçôá áñ÷åßá, âéâëéïèÞêåò, óåëßäåò âïÞèåéáò
êëð.</para>
</callout>
<callout arearefs="jaildistrib">
<para>Ôï <maketarget>distribution</maketarget> target ôïõ
<application>make</application> åãêáèéóôÜ üëá ôá áñ÷åßá ñõèìßóåùí
ðïõ áðáéôïýíôáé. Ìå áðëÜ ëüãéá, åãêáèéóôÜ êÜèå áñ÷åßï áðü ôï
<filename class="directory">/usr/src/etc/</filename> óôïí êáôÜëïãï
<filename class="directory">/etc</filename> ôïõ ðåñéâÜëëïíôïò
jail: <filename class="directory">$D/etc/</filename>.</para>
</callout>
<callout arearefs="jaildevfs">
<para>Äå ÷ñåéÜæåôáé íá ðñïóáñôÞóåôå ôï &man.devfs.8; óôï ðåñéâÜëëïí
ôïõ jail. Áðü ôçí Üëëç üìùò, üëåò, Þ ó÷åäüí üëåò ïé åöáñìïãÝò
÷ñåéÜæïíôáé ðñüóâáóç óå ôïõëÜ÷éóôïí ìßá óõóêåõÞ, áíáëüãùò ìå ôïí
óêïðü ôçò åöáñìïãÞò. Åßíáé ðïëý óçìáíôéêü íá åëÝã÷åôáé ç ðñüóâáóç
óôéò óõóêåõÝò ìÝóá óå Ýíá jail, êáèþò ëáíèáóìÝíåò ñõèìßóåéò
ìðïñåß íá åðéôñÝøïõí óå êÜðïéïí åéóâïëÝá íá êÜíåé
<quote>Üó÷çìá ðáé÷íßäéá</quote> ìÝóá óôï jail.
Ï Ýëåã÷ïò ôïõ &man.devfs.8; ãßíåôáé ìÝóù åíüò óõíüëïõ êáíüíùí ïé
ïðïßïé ðåñéãñÜöïíôáé óôéò óåëßäåò manual ôïõ &man.devfs.8; êáé ôïõ
&man.devfs.conf.5;.</para>
</callout>
</calloutlist>
<para>Áðü ôçí óôéãìÞ ðïõ Ý÷åé åãêáôáóôáèåß Ýíá jail, ìðïñåß íá åêêéíçèåß
ìå ôç ÷ñÞóç ôçò åíôïëÞò &man.jail.8;. Ç &man.jail.8; äÝ÷åôáé ôÝóóåñéò
õðï÷ñåùôéêÝò ðáñáìÝôñïõò ïé ïðïßåò ðåñéãñÜöïíôáé óôï
<xref linkend="jails-what"/>. Ìðïñåßôå íá äþóåôå êáé Üëëåò ðáñáìÝôñïõò,
ð.÷., ãéá íá åêôåëÝóåôå ìéá äéåñãáóßá óôï ðåñéâÜëëïí ôïõ jail ìå ôéò
Üäåéåò åíüò óõãêåêñéìÝíïõ ÷ñÞóôç.
Ç ðáñÜìåôñïò <option><replaceable>command</replaceable></option>
åîáñôÜôáé áðü ôïí ôýðï ôïõ jail. Ãéá Ýíá
<emphasis>åéêïíéêü óýóôçìá</emphasis>, ôï <filename>/etc/rc</filename>
åßíáé ìéá êáëÞ åðéëïãÞ, ìéá êáé óôçí ïõóßá èá êëùíïðïéÞóåé
ôçí äéáäéêáóßá åêêßíçóçò åíüò ðñáãìáôéêïý óõóôÞìáôïò &os;. Ãéá Ýíá
<emphasis>service</emphasis> jail, ç ðáñÜìåôñïò åîáñôÜôáé áðü ôçí
õðçñåóßá Þ ôçí åöáñìïãÞ ðïõ èá ôñÝ÷åé ìÝóá óôï jail.</para>
<para>Ôá jails óõíÞèùò îåêéíïýí êáôÜ ôçí åêêßíçóç êáé ï ìç÷áíéóìüò
<filename>rc</filename> ôïõ &os; ðáñÝ÷åé Ýíáí åýêïëï ôñüðï ãéá íá ãßíåé
êÜôé ôÝôïéï.</para>
<procedure>
<step>
<para>Ç ëßóôá ìå ôá jails ðïõ èÝëåôå íá îåêéíÜíå êáôÜ ôçí åêêßíçóç èá
ðñÝðåé íá ðñïóôåèïýí óôï áñ÷åßï &man.rc.conf.5;:</para>
<programlisting>jail_enable="YES" # Set to NO to disable starting of any jails
jail_list="<replaceable>www</replaceable>" # Space separated list of names of jails</programlisting>
<note>
<para>Ôï üíïìá ðïõ Ý÷åé êÜèå jail óôç
ëßóôá <varname>jail_list</varname> åðéôñÝðåôáé íá ðåñéÝ÷åé ìüíï
áëöáñéèìçôéêïýò ÷áñáêôÞñåò.</para>
</note>
</step>
<step>
<para>Ãéá êÜèå jail ðïõ õðÜñ÷åé óôï <varname>jail_list</varname>, èá
ðñÝðåé íá ðñïóôåèåß ìéá ïìÜäá áðü ñõèìßóåéò óôï &man.rc.conf.5;, ïé
ïðïßåò èá ôï ðåñéãñÜöïõí:</para>
<programlisting>jail_<replaceable>www</replaceable>_rootdir="/usr/jail/www" # jail's root directory
jail_<replaceable>www</replaceable>_hostname="<replaceable>www</replaceable>.example.org" # jail's hostname
jail_<replaceable>www</replaceable>_ip="192.168.0.10" # jail's IP address
jail_<replaceable>www</replaceable>_devfs_enable="YES" # mount devfs in the jail
jail_<replaceable>www</replaceable>_devfs_ruleset="<replaceable>www_ruleset</replaceable>" # devfs ruleset to apply to jail</programlisting>
<para>Ç ðñïåðéëåãìÝíç åêêßíçóç ôïõ jail ìÝóù ôïõ
&man.rc.conf.5;, èá îåêéíÞóåé ôï script ôïõ jail
<filename>/etc/rc</filename>, ôï ïðïßï õðïèÝôåé üôé ôï jail åßíáé
Ýíá ïëïêëçñùìÝíï åéêïíéêü óýóôçìá. Ãéá service jails, ç
ðñïåðéëåãìÝíç åêêßíçóç ðñÝðåé íá áëëÜîåé, ïñßæïíôáò êáôÜëëçëá ôçí
åðéëïãÞ <varname>jail_<replaceable>jailname</replaceable>_exec_start</varname>.</para>
<note>
<para>Ãéá ðëÞñç ëßóôá ôùí äéáèÝóéìùí åðéëïãþí, äåßôå ôï
&man.rc.conf.5;.</para>
</note>
</step>
</procedure>
<para>Ôï script <filename>/etc/rc.d/jail</filename> ìðïñåß íá
÷ñçóéìïðïéçèåß ãéá íá îåêéíÞóåé Þ íá óôáìáôÞóåé êÜðïéï jail
÷åéñïêßíçôá. ÐñÝðåé üìùò íá õðÜñ÷åé ç áíôßóôïé÷ç êáôá÷þñçóç óôï
<filename>rc.conf</filename>:</para>
<screen>&prompt.root; <userinput>/etc/rc.d/jail start <replaceable>www</replaceable></userinput>
&prompt.root; <userinput>/etc/rc.d/jail stop <replaceable>www</replaceable></userinput></screen>
<para>Ãéá ôçí þñá äåí õðÜñ÷åé êÜðïéïò áðüëõôá óùóôüò ôñüðïò ãéá íá
ôåñìáôßóåôå êÜðïéï &man.jail.8;. Áõôü óõìâáßíåé, äéüôé ïé åíôïëÝò
ðïõ ÷ñçóéìïðïéïýíôáé óõíÞèùò ãéá íá ôåñìáôßóïõí ìå áóöÜëåéá Ýíá
óýóôçìá, äåí ìðïñïýí íá ÷ñçóéìïðïéçèïýí ìÝóá óôï ðåñéâÜëëïí åíüò jail.
Ï êáëýôåñïò ôñüðïò ãéá íá ôåñìáôßóåôå Ýíá jail åßíáé ìå ôçí åêôÝëåóç
ôçò áêüëïõèçò åíôïëÞò ìÝóá áðü ôï ßäéï ôï jail Þ ìå ÷ñÞóç ôïõ
âïçèçôéêïý ðñïãñÜììáôïò &man.jexec.8; Ýîù áðü áõôü:</para>
<screen>&prompt.root; <userinput>sh /etc/rc.shutdown</userinput></screen>
<para>Ðåñéóóüôåñåò ðëçñïöïñßåò ó÷åôéêÜ ìå áõôÞ ôç äéáäéêáóßá ìðïñåßôå íá
âñåßôå óôç óåëßäá âïçèåßáò ôïõ &man.jail.8;</para>
</sect1>
<sect1 id="jails-tuning">
<title>ËåðôïìåñÞò Ñýèìéóç êáé Äéá÷åßñéóç</title>
<para>ÕðÜñ÷ïõí áñêåôÝò åðéëïãÝò ðïõ ìðïñïýí íá åöáñìïóôïýí óå Ýíá jail,
êáèþò êáé äéÜöïñïé ôñüðïé ãéá íá óõíäõáóôåß Ýíá óýóôçìá &os; ìå jails
ðñïêåéìÝíïõ íá ðáñÜãïõí åöáñìïãÝò õøçëüôåñïõ åðéðÝäïõ. Ç åíüôçôá áõôÞ
ðáñïõóéÜæåé:</para>
<itemizedlist>
<listitem>
<para>ÌåñéêÝò áðü ôéò äéáèÝóéìåò åðéëïãÝò ãéá ôçí ñýèìéóç ôçò
óõìðåñéöïñÜò êáé ôùí ðåñéïñéóìþí áóöáëåßáò ðïõ õëïðïéïýíôáé áðü ôçí
åãêáôÜóôáóç åíüò jail.</para>
</listitem>
<listitem>
<para>ÌåñéêÝò åöáñìïãÝò õøçëïý åðéðÝäïõ ãéá ôç äéá÷åßñéóç jails,
ïé ïðïßåò åßíáé äéáèÝóéìåò ìÝóù ôçò óõëëïãÞò ôùí Ports ôïõ &os; êáé
ìðïñïýí íá ÷ñçóéìïðïéçèïýí óôçí õëïðïßçóç ïëïêëçñùìÝíùí ëýóåùí ìå
ôç ÷ñÞóç jails.</para>
</listitem>
</itemizedlist>
<sect2 id="jails-tuning-utilities">
<title>Åñãáëåßá ÓõóôÞìáôïò ôïõ &os; ãéá ôç Ñýèìéóç Jails</title>
<para>ËåðôïìåñÞò ñýèìéóç åíüò jail ãßíåôáé êáôÜ êýñéï ëüãï ìÝóù ôùí
ìåôáâëçôþí ôïõ &man.sysctl.8;. ÕðÜñ÷åé Ýíá åéäéêü subtree ôïõ sysctl
ôï ïðïßï áðïôåëåß ôç âÜóç ãéá ôçí ïñãÜíùóç üëùí ôùí ó÷åôéêþí
åðéëïãþí: ðñüêåéôáé ãéá ôçí éåñáñ÷ßá åðéëïãþí ðõñÞíá
<varname>security.jail.*</varname>. ÐáñáêÜôù èá âñåßôå ìéá ëßóôá ìå
ôá êýñéá sysctl ðïõ ó÷åôßæïíôáé ìå êÜðïéï jail êáèþò êáé ôéò
ðñïåðéëåãìÝíåò ôéìÝò ôïõò. Ôá ïíüìáôá ìÜëëïí åîçãïýí áðü ìüíá ôïõò
ôçí áíôßóôïé÷ç ëåéôïõñãßá, áëëÜ ãéá ðåñéóóüôåñåò ðëçñïöïñßåò ìðïñåßôå
íá äåßôå ôéò óåëßäåò âïÞèåéáò ôùí &man.jail.8;
êáé &man.sysctl.8;.</para>
<itemizedlist>
<listitem>
<para><varname>security.jail.set_hostname_allowed: 1</varname></para>
</listitem>
<listitem>
<para><varname>security.jail.socket_unixiproute_only: 1</varname></para>
</listitem>
<listitem>
<para><varname>security.jail.sysvipc_allowed: 0</varname></para>
</listitem>
<listitem>
<para><varname>security.jail.enforce_statfs: 2</varname></para>
</listitem>
<listitem>
<para><varname>security.jail.allow_raw_sockets: 0</varname></para>
</listitem>
<listitem>
<para><varname>security.jail.chflags_allowed: 0</varname></para>
</listitem>
<listitem>
<para><varname>security.jail.jailed: 0</varname></para>
</listitem>
</itemizedlist>
<para>Ïé ìåôáâëçôÝò áõôÝò ìðïñïýí íá ÷ñçóéìïðïéçèïýí áðü ôïí
äéá÷åéñéóôÞ ôïõ <emphasis>host system</emphasis>
ðñïêåéìÝíïõ íá ðñïóèÝóåé Þ íá áöáéñÝóåé ðåñéïñéóìïýò ïé ïðïßïé
õðÜñ÷ïõí áñ÷éêÜ óôïí ÷ñÞóôç <username>root</username>. ÕðÜñ÷ïõí üìùò
êáé êÜðïéïé ðåñéïñéóìïß ïé ïðïßïé äåí ìðïñïýí íá áöáéñåèïýí.
Ï ÷ñÞóôçò <username>root</username> äåí åðéôñÝðåôáé íá ðñïóáñôÜ Þ íá
áðï-ðñïóáñôÜ óõóôÞìáôá áñ÷åßùí ìÝóá áðü Ýíá &man.jail.8;. Ï
<username>root</username> ìÝóá óå Ýíá jail äåí åðéôñÝðåôáé íá
öïñôþóåé Þ íá áðïöïñôþóåé ôïõò êáíüíåò (rulesets) ôïõ &man.devfs.8;,
ôï firewall, êáé äéÜöïñåò Üëëåò åñãáóßåò äéá÷åßñéóçò ïé ïðïßåò
÷ñåéÜæïíôáé ôñïðïðïßçóç ôùí äåäïìÝíùí ôïõ ðõñÞíá, üðùò ãéá ðáñÜäåéãìá
ï ïñéóìüò ôïõ <varname>securelevel</varname> ôïõ ðõñÞíá.</para>
<para>Ôï âáóéêü óýóôçìá ôïõ &os; ðåñéÝ÷åé ôá âáóéêÜ åñãáëåßá ãéá ôç
ðñïâïëÞ ðëçñïöïñéþí ó÷åôéêÜ ìå ôá åíåñãÜ jails, êáé åðßóçò ãéá ôçí
áíÜèåóç óõãêåêñéìÝíùí åíôïëþí äéá÷åßñéóçò óå êÜðïéï jail. Ïé åíôïëÝò
&man.jls.8; êáé &man.jexec.8; áðïôåëïýí ìÝñïò ôïõ âáóéêïý óõóôÞìáôïò
ôïõ &os;, êáé ìðïñïýí íá ÷ñçóéìïðïéçèïýí ãéá íá ôéò ðáñáêÜôù áðëÝò
åñãáóßåò:</para>
<itemizedlist>
<listitem>
<para>ÐñïâïëÞ ëßóôáò ôùí åíåñãþí jails êáé ôïí áíôßóôïé÷ùí
÷áñáêôçñéóôéêþí ôïõò - jail identifier (<acronym>JID</acronym>),
äéåýèõíóç <acronym>IP</acronym>, hostname êáé path.</para>
</listitem>
<listitem>
<para>Ðñïóêüëëçóç óå êÜðïéï åíåñãü jail, áðü ôï host system, êáé
åêôÝëåóç êÜðïéáò åíôïëÞò ìÝóá óôï jail Þ åêôÝëåóç åñãáóéþí
äéá÷åßñéóçò ìÝóá óôï jail. ÊÜôé ôÝôïéï åßíáé éäéáßôåñá ÷ñÞóéìï
üôáí ï ÷ñÞóôçò <username>root</username> åðéèõìåß íá ôåñìáôßóåé
ìå áóöÜëåéá êÜðïéï jail. Ìðïñåß åðßóçò íá ÷ñçóéìïðïéçèåß ç åíôïëÞ
&man.jexec.8; ãéá ôçí åêôÝëåóç êÜðïéïõ shell ìÝóá óôï jail
ðñïêåéìÝíïõ íá åêôåëåóôïýí åñãáóßåò äéá÷åßñéóçò, ãéá
ðáñÜäåéãìá:</para>
<screen>&prompt.root; <userinput>jexec <replaceable>1</replaceable> tcsh</userinput></screen>
</listitem>
</itemizedlist>
</sect2>
<sect2 id="jails-tuning-admintools">
<title>Åñãáëåßá Äéá÷åßñéóçò Õøçëïý ÅðéðÝäïõ óôç ÓõëëïãÞ Ports
ôïõ &os;</title>
<para>ÁíÜìåóá óôéò äéÜöïñåò åöáñìïãÝò ôñßôùí êáôáóêåõáóôþí ãéá ôç
äéá÷åßñéóç ôùí jails, Ýíá áðü ôá ðïéï ïëïêëçñùìÝíá êáé ÷ñÞóéìá ðáêÝôá
åßíáé ôï <filename role="package">sysutils/jailutils</filename>.
Áðïôåëåß Ýíá óýíïëï ìéêñþí åöáñìïãþí
ïé ïðïßåò óõíåéóöÝñïõí óôç äéá÷åßñéóç ôïõ &man.jail.8;. Ãéá
ðåñéóóüôåñåò ðëçñïöïñßåò, äåßôå óôïí äéêôõáêü ôïõ ôüðï.</para>
</sect2>
</sect1>
<sect1 id="jails-application">
<title>ÅöáñìïãÞ ôùí Jails</title>
<sect2 id="jails-service-jails">
<sect2info>
<authorgroup>
<author>
<firstname>Daniel</firstname>
<surname>Gerzo</surname>
<contrib>ÓõíåéóöïñÜ ôïõ </contrib>
<!-- 15. May 2007 -->
</author>
</authorgroup>
</sect2info>
<title>Service Jails</title>
<para>Ç åíüôçôá áõôÞ åßíáé âáóéóìÝíç óôçí éäÝá ðïõ ðáñïõóéÜóôçêå áñ÷éêÜ
áðü ôïí &a.simon; óôï <ulink
url="http://simon.nitro.dk/service-jails.html"></ulink>, êáèþò êáé
óå Ýíá áíáíåùìÝíï Üñèñï ôïõ Ken Tom <email>locals@gmail.com</email>.
Óôçí åíüôçôá áõôÞ èá óáò äåßîïõìå ðùò íá óôÞóåôå Ýíá óýóôçìá &os; ôï
ïðïßï íá äéáèÝôåé Ýíá åðéðëÝïí åðßðåäï áóöÜëåéáò, ìå ôç ÷ñÞóç ôïõ
&man.jail.8;. ÕðïèÝôïõìå üôé ôï óýóôçìá ôñÝ÷åé ôïõëÜ÷éóôïí RELENG_6_0
êáé üôé Ý÷åôå êáôáíïÞóåé üëåò ôéò ðñïçãïýìåíåò ðëçñïöïñßåò ôïõ
êåöáëáßïõ.</para>
<sect3 id="jails-service-jails-design">
<title>Ó÷åäéáóìüò</title>
<para>¸íá áðü ôá óçìáíôéêüôåñá ðñïâëÞìáôá ìå ôá jails åßíáé ç
äéá÷åßñéóç ôçò äéáäéêáóßáò áíáâáèìßóåùí. Áõôü ôåßíåé íá åßíáé
ðñüâëçìá äéüôé ôï êÜèå jail ðñÝðåé íá äçìéïõñãçèåß áðü ôçí áñ÷Þ óå
êÜèå áíáâÜèìéóç. ÓõíÞèùò äåí åßíáé ðñüâëçìá áí Ý÷åôå Ýíá ìüíï jail,
ìéá êáé ðñüêåéôáé ãéá ó÷åôéêÜ áðëÞ äéáäéêáóßá, áëëÜ ãßíåôáé
êïõñáóôéêÞ êáé ÷ñïíïâüñá áí Ý÷åôå ðïëëÜ jails.</para>
<warning>
<para>Ïé ðáñáêÜôù ñõèìßóåéò ðñïûðïèÝôïõí åìðåéñßá ìå ôï &os; êáé ôç
÷ñÞóç ôùí äéÜöïñùí ÷áñáêôçñéóôéêþí ôïõ. ÅÜí ôá ðáñáêÜôù âÞìáôá
óáò öáßíïíôáé ðïëý ðåñßðëïêá, åßíáé êáëýôåñá íá ñßîåôå ìéá ìáôéÜ
óå êÜôé ðïéï áðëü üðùò ôï
<filename role="package">sysutils/ezjail</filename>, ôï ïðïßï
ðáñÝ÷åé Ýíáí åõêïëüôåñï ôñüðï äéá÷åßñéóçò ôùí jails ôïõ &os; êáé
äåí åßíáé ôüóï åîåéäéêåõìÝíï üóï ïé ðáñáêÜôù ñõèìßóåéò.</para>
</warning>
<para>Ç éäÝá áõôÞ Ý÷åé ðáñïõóéáóôåß ãéá íá ëýóåé ôÝôïéïõ åßäïõò
ðñïâëÞìáôá, ìå ôçí âïÞèåéá ôçò êïéíÞò ÷ñÞóçò üóï ôï äõíáôüí
ðåñéóóüôåñùí áñ÷åßùí ìåôáîý ôùí jails, ìå Ýíáí áóöáëÞ
üìùò ôñüðï — ÷ñçóéìïðïéþíôáò ðñïóáñôÞóåéò ôýðïõ
&man.mount.nullfs.8; êáé ìüíï ãéá áíÜãíùóç (read only)
Ýôóé þóôå ç áíáâÜèìéóç íá åßíáé åõêïëüôåñç, êáé ç ÷ñÞóç ìåìïíùìÝíùí
jails ãéá êÜèå õðçñåóßá íá êáèßóôáôáé åðéèõìçôÞ. ÅðéðëÝïí, ðáñÝ÷åé
Ýíáí áðëü ôñüðï ãéá íá ðñïóèÝóåôå êáé íá áöáéñÝóåôå jails üðùò
åðßóçò êáé íá ôá áíáâáèìßóåôå.</para>
<note>
<para>Ðáñáäåßãìáôá õðçñåóéþí ôÝôïéïõ ôýðïõ: Ýíáò
<acronym>HTTP</acronym> server, Ýíáò <acronym>DNS</acronym>
server, Ýíáò <acronym>SMTP</acronym> server, êëð.</para>
</note>
<para>Ïé óôü÷ïé ôùí ðáñáêÜôù ñõèìßóåùí åßíáé:</para>
<itemizedlist>
<listitem>
<para>Äçìéïõñãßá áðëþí êáé êáôáíïçôþí jails.
Áõôü óçìáßíåé üôé <emphasis>äåí</emphasis> èá ôñÝîïõìå Ýíá
ðëÞñåò installworld óå êÜèå jail.</para>
</listitem>
<listitem>
<para>Åýêïëç ðñïóèÞêç êáé äéáãñáöÞ jails.</para>
</listitem>
<listitem>
<para>Åýêïëç áíáâÜèìéóç õðáñ÷üíôùí jails.</para>
</listitem>
<listitem>
<para>Äõíáôüôçôá äçìéïõñãßáò ðñïóáñìïóìÝíïõ ôìÞìáôïò
ôïõ &os;.</para>
</listitem>
<listitem>
<para>¼óï ðåñéóóüôåñç áóöÜëåéá åßíáé äõíáôüí, ìå åëá÷éóôïðïßçóç
ôçò ðéèáíüôçôáò êáêüâïõëçò ÷ñÞóçò.</para>
</listitem>
<listitem>
<para>Åîïéêïíüìçóç ÷þñïõ êáé inodes.</para>
</listitem>
</itemizedlist>
<para>¼ðùò Ý÷ïõìå Þäç ðåé, ï ó÷åäéáóìüò áõôüò åîáñôÜôáé éäéáßôåñá áðü
ôçí ýðáñîç åíüò áñ÷éêïý template óôï ïðïßï äåí åðéôñÝðåôáé ç
åããñáöÞ äåäïìÝíùí (ãíùóôü ùò <application>nullfs</application>) êáé
ôï ïðïßï ðñÝðåé íá Ý÷åé ðñïóáñôçèåß óå êÜèå jail, üðùò åðßóçò êáé
óôçí ýðáñîç ãéá êÜèå jail ìéáò óõóêåõÞò ðïõ íá åðéôñÝðåé ôüóï ôçí
áíÜãíùóç üóï êáé ôçí åããñáöÞ. Ìéá ôÝôïéá óõóêåõÞ ìðïñåß íá åßíáé
êÜðïéïò îå÷ùñéóôüò öõóéêüò äßóêïò, ìéá êáôÜôìçóç, Þ êÜðïéá óõóêåõÞ
vnode &man.md.4;. Óôï ðáñáêÜôù ðáñÜäåéãìá, èá ÷ñçóéìïðïéÞóïõìå
ðñïóáñôÞóåéò ôýðïõ <application>nullfs</application> óôéò ïðïßåò
èá åðéôñÝðåôáé åããñáöÞ êáé áíÜãíùóç.</para>
<para>Ç äïìÞ ôïõ óõóôÞìáôïò áñ÷åßùí ðåñéãñÜöåôáé óôçí ðáñáêÜôù
ëßóôá:</para>
<itemizedlist>
<listitem>
<para>ÊÜèå jail èá ðñïóáñôÜôáé êÜôù áðü ôïí êáôÜëïãï <filename
class="directory">/home/j</filename>.</para>
</listitem>
<listitem>
<para>Ôï <filename class="directory">/home/j/mroot</filename>
åßíáé ôï template ãéá ôï êÜèå jail êáé ç êáôÜôìçóç ìüíï
áíÜãíùóçò ãéá üëá ôá jails.</para>
</listitem>
<listitem>
<para>Èá äçìéïõñãçèåß Ýíáò êåíüò êáôÜëïãïò ãéá êÜèå jail êÜôù
áðü ôïí êáôÜëïãï
<filename class="directory">/home/j</filename>.</para>
</listitem>
<listitem>
<para>ÊÜèå jail èá Ý÷åé Ýíáí êáôÜëïãï
<filename class="directory">/s</filename>, ï ïðïßïò èá åßíáé
óýíäåóìïò ðñïò ôï åããñÜøéìï ìÝñïò ôïõ óõóôÞìáôïò.</para>
</listitem>
<listitem>
<para>ÊÜèå jail èá Ý÷åé ôï äéêü åããñÜøéìï ìÝñïò ôï ïðïßï
èá âáóßæåôáé óôï
<filename class="directory">/home/j/skel</filename>.</para>
</listitem>
<listitem>
<para>ÊÜèå jailspace (ôï åããñÜøéìï ìÝñïò êÜèå jail) èá ðñÝðåé
íá äçìéïõñãçèåß óôïí êáôÜëïãï
<filename class="directory">/home/js</filename>.</para>
</listitem>
</itemizedlist>
<note>
<para>¼ëá áõôÜ ðñïûðïèÝôïõí üôé ôá jails âñßóêïíôáé êÜôù áðü ôïí
êáôÜëïãï <filename class="directory">/home</filename>. Áõôü
âÝâáéá ìðïñåß íá áëëÜîåé óå ïôéäÞðïôå åóåßò èÝëåôå, áëëÜ èá
åðçñåÜóåé üëá ôá ðáñáêÜôù ðáñáäåßãìáôá.</para>
</note>
<!-- Insert an image or drawing here to illustrate the example. -->
</sect3>
<sect3 id="jails-service-jails-template">
<title>Äçìéïõñãþíôáò ôï Template</title>
<para>Ç åíüôçôá áõôÞ èá ðåñéãñÜøåé ôá âÞìáôá ðïõ ÷ñåéÜæïíôáé
ðñïêåéìÝíïõ íá äçìéïõñãÞóåôå ôï ðñùôáñ÷éêü template ôï ïðïßï èá
ðåñéÝ÷åé ôï ôìÞìá ôùí jails ðïõ åßíáé ìüíï ãéá áíÜãíùóç.</para>
<para>Åßíáé ðÜíôïôå êáëÞ éäÝá íá áíáâáèìßæåôå ôï &os; óôç ôåëåõôáßá
Ýêäïóç -RELEASE. Ãéá ôï óêïðü áõôü, äéáâÜóôå ôï áíôßóôïé÷ï
<ulink url="&url.books.handbook;/makeworld.html">êåöÜëáéï</ulink>
óôï Åã÷åéñßäéï. Óôç ðåñßðôùóç ðïõ ç áíáâÜèìéóç
äåí åßíáé åöéêôÞ, èá ÷ñåéáóôåßôå buildworld ãéá íá ìðïñÝóåôå íá
óõíå÷ßóåôå. ÅðéðëÝïí èá ÷ñåéáóôåßôå ôï ðáêÝôï
<filename role="package">sysutils/cpdup</filename>. Èá
÷ñçóéìïðïéÞóïõìå ôï âïçèçôéêü ðñüãñáììá &man.portsnap.8; ãéá íá
êáôåâÜóïõìå ôç óõëëïãÞ ôùí Ports. Ãéá ôïõò íåï-åéóåñ÷üìåíïõò,
óõíßóôáôáé ç áíÜãíùóç ôïõ <ulink
url="&url.books.handbook;/portsnap.html">êåöáëáßïõ ãéá ôï
Portsnap</ulink> óôï Åã÷åéñßäéï ôïõ &os;.</para>
<procedure>
<step>
<para>Áñ÷éêÜ, äçìéïõñãÞóôå ìéá äïìÞ êáôáëüãùí ãéá ôï óýóôçìá
áñ÷åßùí ôï ïðïßï èá åßíáé ìüíï ãéá áíÜãíùóç, êáé ôï ïðïßï èá
ðåñéÝ÷åé ôá åêôåëÝóéìá (binaries) ôïõ &os; ãéá ôá jails.
Óôç óõíÝ÷åéá ðçãáßíåôå óôïí êáôÜëïãï üðïõ âñßóêïíôáé ôá áñ÷åßá
ðçãáßïõ êþäéêá (source tree) ôïõ &os; êáé
åãêáôáóôÞóôå ôá áíôßóôïé÷á áñ÷åßá óôï jail template:</para>
<screen>&prompt.root; <userinput>mkdir /home/j /home/j/mroot</userinput>
&prompt.root; <userinput>cd /usr/src</userinput>
&prompt.root; <userinput>make installworld DESTDIR=/home/j/mroot</userinput></screen>
</step>
<step>
<para>Åðüìåíï âÞìá åßíáé íá ðñïåôïéìÜóåôå ôç óõëëïãÞ ôùí Ports
ôïõ &os; ãéá ôá jails üðùò åðßóçò êáé Ýíá &os; source tree, ôï
ïðïßï èá ÷ñåéáóôåß ãéá ôï
<application>mergemaster</application>:</para>
<screen>&prompt.root; <userinput>cd /home/j/mroot</userinput>
&prompt.root; <userinput>mkdir usr/ports</userinput>
&prompt.root; <userinput>portsnap -p /home/j/mroot/usr/ports fetch extract</userinput>
&prompt.root; <userinput>cpdup /usr/src /home/j/mroot/usr/src</userinput></screen>
</step>
<step>
<para>ÄçìéïõñãÞóôå ôï óêåëåôü ãéá ôï ôìÞìá ôïõ óõóôÞìáôïò üðïõ
ðñïïñßæåôáé ãéá áíÜãíùóç êáé åããñáöÞ:</para>
<screen>&prompt.root; <userinput>mkdir /home/j/skel /home/j/skel/home /home/j/skel/usr-X11R6 /home/j/skel/distfiles</userinput>
&prompt.root; <userinput>mv etc /home/j/skel</userinput>
&prompt.root; <userinput>mv usr/local /home/j/skel/usr-local</userinput>
&prompt.root; <userinput>mv tmp /home/j/skel</userinput>
&prompt.root; <userinput>mv var /home/j/skel</userinput>
&prompt.root; <userinput>mv root /home/j/skel</userinput></screen>
</step>
<step>
<para>×ñçóéìïðïéÞóôå ôï <application>mergemaster</application>
ãéá íá åãêáôáóôÞóåôå ôá áñ÷åßá ñõèìßóåùí ðïõ ëåßðïõí. Óôç
óõíÝ÷åéá äéáãñÜøôå üëïõò ôïõò Ýîôñá êáôáëüãïõò
ðïõ äçìéïõñãåß ôï <application>mergemaster</application>:</para>
<screen>&prompt.root; <userinput>mergemaster -t /home/j/skel/var/tmp/temproot -D /home/j/skel -i</userinput>
&prompt.root; <userinput>cd /home/j/skel</userinput>
&prompt.root; <userinput>rm -R bin boot lib libexec mnt proc rescue sbin sys usr dev</userinput></screen>
</step>
<step>
<para>Ôþñá, äçìéïõñãÞóôå óõíäÝóìïõò áðü ôï óýóôçìá áñ÷åßùí óôï
ïðïßï åðéôñÝðåôáé ç åããñáöÞ, ðñïò ôï óýóôçìá áñ÷åßùí ðïõ åßíáé
ìüíï ãéá áíÜãíùóç. Âåâáéùèåßôå üôé ïé óýíäåóìïé Ý÷ïõí
äçìéïõñãçèåß óôéò óùóôÝò èÝóåéò <filename
class="directory">s/</filename>. Ç ýðáñîç ðñáãìáôéêþí
êáôáëüãùí Þ ç äçìéïõñãßá êáôáëüãùí óå ëÜèïò èÝóåéò èá ïäçãÞóïõí
ôçí åãêáôÜóôáóç óå áðïôõ÷ßá.</para>
<screen>&prompt.root; <userinput>cd /home/j/mroot</userinput>
&prompt.root; <userinput>mkdir s</userinput>
&prompt.root; <userinput>ln -s s/etc etc</userinput>
&prompt.root; <userinput>ln -s s/home home</userinput>
&prompt.root; <userinput>ln -s s/root root</userinput>
&prompt.root; <userinput>ln -s ../s/usr-local usr/local</userinput>
&prompt.root; <userinput>ln -s ../s/usr-X11R6 usr/X11R6</userinput>
&prompt.root; <userinput>ln -s ../../s/distfiles usr/ports/distfiles</userinput>
&prompt.root; <userinput>ln -s s/tmp tmp</userinput>
&prompt.root; <userinput>ln -s s/var var</userinput></screen>
</step>
<step>
<para>Óáí ôåëåõôáßï âÞìá, äçìéïõñãÞóôå Ýíá ãåíéêü áñ÷åßï
<filename>/home/j/skel/etc/make.conf</filename> ìå ôá ðáñáêÜôù
äåäïìÝíá:</para>
<programlisting>WRKDIRPREFIX?= /s/portbuild</programlisting>
<para>¸÷ïíôáò ïñßóåé ôï <literal>WRKDIRPREFIX</literal> ìå
áõôüí ôïí ôñüðï, èá ìðïñåßôå íá ìåôáãëùôôßóåôå ports ôïõ &os;
ìÝóá óå êÜèå jail. Èõìçèåßôå üôé ï êáôÜëïãïò ôùí ports åßíáé
ìÝñïò ôïõ óõóôÞìáôïò áñ÷åßùí ðïõ Ý÷åé ðñïóáñôçèåß ìüíï ãéá
áíÜãíùóç. Ç ðñïóáñìïóìÝíç äéáäñïìÞ ãéá ôï
<literal>WRKDIRPREFIX</literal> åðéôñÝðåé ôçí ìåôáãëþôôéóç
ôùí ports óôï åããñÜøéìï ìÝñïò ôïõ êÜèå jail.</para>
</step>
</procedure>
</sect3>
<sect3 id="jails-service-jails-creating">
<title>Äçìéïõñãþíôáò Jails</title>
<para>Ôþñá ðïõ Ý÷ïõìå Ýíá ïëïêëçñùìÝíï &os; jail template, ìðïñïýìå íá
åãêáôáóôÞóïõìå êáé íá ñõèìßóïõìå ôá jails óôï
<filename>/etc/rc.conf</filename>. Ôï ðáñÜäåéãìá áõôü äåß÷íåé
ôç äçìéïõñãßá ôñéþí jails: <quote>NS</quote>,
<quote>MAIL</quote> êáé <quote>WWW</quote>.</para>
<procedure>
<step>
<para>ÅéóÜãåôå ôéò ðáñáêÜôù ãñáììÝò óôï áñ÷åßï
<filename>/etc/fstab</filename>, þóôå ôï ìüíï ãéá áíÜãíùóç
template ãéá ôá jails êáé ï åããñÜøéìïò ÷þñïò
íá åßíáé äéáèÝóéìá óôá áíôßóôïé÷á jails:</para>
<programlisting>/home/j/mroot /home/j/ns nullfs ro 0 0
/home/j/mroot /home/j/mail nullfs ro 0 0
/home/j/mroot /home/j/www nullfs ro 0 0
/home/js/ns /home/j/ns/s nullfs rw 0 0
/home/js/mail /home/j/mail/s nullfs rw 0 0
/home/js/www /home/j/www/s nullfs rw 0 0</programlisting>
<note>
<para>Ïé êáôáôìÞóåéò ðïõ åßíáé óçìåéùìÝíåò ìå 0 pass number äåí
åëÝã÷ïíôáé êáôÜ ôçí åêêßíçóç áðü ôï &man.fsck.8;, åíþ ãéá ôéò
êáôáôìÞóåéò ìå 0 dump number, ç &man.dump.8; äåí èá
äçìéïõñãåß áíôßãñáöá áóöáëåßáò. Ðñïöáíþò, äåí èÝëïõìå ôï
<application>fsck</application> íá åëÝã÷åé ôéò ðñïóáñôÞóåéò
ôýðïõ <application>nullfs</application>, ïýôå êáé ôï
<application>dump</application> íá êñáôÜ áíôßãñáöá áðü ôá
ìüíï ãéá áíÜãíùóç nullfs óõóôÞìáôá áñ÷åßùí ôùí jails. Áõôüò
åßíáé êáé ï ëüãïò ðïõ âÜëáìå <quote>0 0</quote> óôéò äýï
ôåëåõôáßåò óôÞëåò êÜèå åããñáöÞò ôïõ
<filename>fstab</filename>.</para>
</note>
</step>
<step>
<para>Ñõèìßóôå ôá jails óôï
<filename>/etc/rc.conf</filename>:</para>
<programlisting>jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="ns mail www"
jail_ns_hostname="ns.example.org"
jail_ns_ip="192.168.3.17"
jail_ns_rootdir="/home/j/ns"
jail_ns_devfs_enable="YES"
jail_mail_hostname="mail.example.org"
jail_mail_ip="192.168.3.18"
jail_mail_rootdir="/home/j/mail"
jail_mail_devfs_enable="YES"
jail_www_hostname="www.example.org"
jail_www_ip="62.123.43.14"
jail_www_rootdir="/home/j/www"
jail_www_devfs_enable="YES"</programlisting>
<warning>
<para>Ï ëüãïò ãéá ôïí ïðïßï èÝôïõìå ôç ìåôáâëçôÞ
<varname>jail_<replaceable>name</replaceable>_rootdir</varname>
íá äåß÷íåé óôï
<filename class="directory">/usr/home</filename>
áíôß ãéá ôï <filename class="directory">/home</filename>
åßíáé üôé ç öõóéêÞ äéáäñïìÞ ãéá ôïí êáôÜëïãï
<filename class="directory">/home </filename> óå ìéá ôõðéêÞ
åãêáôÜóôáóç ôïõ &os; åßíáé ôï
<filename class="directory">/usr/home</filename>. Ç ìåôáâëçôÞ
<varname>jail_<replaceable>name</replaceable>_rootdir</varname>
<emphasis>äåí</emphasis> äåí ðñÝðåé íá äåß÷íåé ðñïò äéáäñïìÞ
ðïõ ðåñéëáìâÜíåé óõìâïëéêü äåóìü, äéáöïñåôéêÜ ôá jails èá
áñíçèïýí íá îåêéíÞóïõí. ×ñçóéìïðïéÞóôå ôï âïçèçôéêü ðñüãñáììá
&man.realpath.1; ãéá íá ðñïóäéïñßóåôå ôçí ôéìÞ ðïõ èá ðñÝðåé
íá ëÜâåé áõôÞ ç ìåôáâëçôÞ. Äåßôå ôï &os;-SA-07:01.jail
Security Advisory ãéá ðåñéóóüôåñåò ðëçñïöïñßåò.</para>
</warning>
</step>
<step>
<para>ÄçìéïõñãÞóôå ôá áðáñáßôçôá óçìåßá ðñïóáñôÞóåùí ãéá ôï
óýóôçìá áñ÷åßùí ìüíï áíÜãíùóçò ôïõ êÜèå jail:</para>
<screen>&prompt.root; <userinput>mkdir /home/j/ns /home/j/mail /home/j/www</userinput></screen>
</step>
<step>
<para>ÅãêáôáóôÞóôå ôï åããñÜøéìï template ìÝóá óôï êÜèå jail.
ÐñïóÝîôå åäþ ôç ÷ñÞóç ôïõ
<filename role="package">sysutils/cpdup</filename>, ôï ïðïßï
åðéâåâáéþíåé üôé äçìéïõñãåßôáé ôï óùóôü áíôßãñáöï ôïõ êÜèå
êáôáëüãïõ:</para>
<!-- keramida: Why is cpdup required here? Doesn't cpio(1)
already include adequate functionality for performing this
job *and* have the advantage of being part of the base
system of FreeBSD? -->
<screen>&prompt.root; <userinput>mkdir /home/js</userinput>
&prompt.root; <userinput>cpdup /home/j/skel /home/js/ns</userinput>
&prompt.root; <userinput>cpdup /home/j/skel /home/js/mail</userinput>
&prompt.root; <userinput>cpdup /home/j/skel /home/js/www</userinput></screen>
</step>
<step>
<para>Óå áõôÞ ôç öÜóç, ôá jails Ý÷ïõí äçìéïõñãçèåß êáé åßíáé
Ýôïéìá íá îåêéíÞóïõí. ÐñïóáñôÞóôå ôï óùóôü óýóôçìá áñ÷åßùí
ãéá ôï êÜèå jail, êáé óôç óõíÝ÷åéá åêêéíÞóôå ôá,
÷ñçóéìïðïéþíôáò ôï script
<filename>/etc/rc.d/jail</filename>:</para>
<screen>&prompt.root; <userinput>mount -a</userinput>
&prompt.root; <userinput>/etc/rc.d/jail start</userinput></screen>
</step>
</procedure>
<para>Ôá jails èá ðñÝðåé ôþñá íá åêôåëïýíôáé êáíïíéêÜ. Ãá íá åëÝãîåôå
áí Ý÷ïõí îåêéíÞóåé óùóôÜ, ÷ñçóéìïðïéåßóôå ôçí åíôïëÞ &man.jls.8;.
Èá ðñÝðåé íá äåßôå êÜôé áíôßóôïé÷ï ìå ôï ðáñáêÜôù:</para>
<screen>&prompt.root; <userinput>jls</userinput>
JID IP Address Hostname Path
3 192.168.3.17 ns.example.org /home/j/ns
2 192.168.3.18 mail.example.org /home/j/mail
1 62.123.43.14 www.example.org /home/j/www</screen>
<para>Óå áõôü ôï óçìåßï, èá ðñÝðåé íá ìðïñåßôå íá óõíäåèåßôå óå êÜèå
jail, íá ðñïóèÝóåôå íÝïõò ÷ñÞóôåò Þ íá ñõèìßóåôå õðçñåóßåò. Ç óôÞëç
<literal>JID</literal> äçëþíåé ôï ÷áñáêôçñéóôéêü áíáãíùñéóôéêü
áñéèìü êÜèå åíåñãïý jail. ×ñçóéìïðïéÞóôå ôçí ðáñáêÜôù åíôïëÞ
ðñïêåéìÝíïõ íá åêôåëÝóåôå åñãáóßåò äéá÷åßñéóçò ôïõ jail, ìå
<literal>JID</literal> 3:</para>
<screen>&prompt.root; <userinput>jexec 3 tcsh</userinput></screen>
</sect3>
<sect3 id="jails-service-jails-upgrading">
<title>ÁíáâÜèìéóç</title>
<para>ÊÜðïéá óôéãìÞ, èá ÷ñåéáóôåß íá áíáâáèìßóåôå ôï óýóôçìÜ óáò óå
ìéá íÝá Ýêäïóç ôïõ &os;, åßôå ãéá ëüãïõò áóöÜëåéáò, åßôå ãéáôß
õðÜñ÷ïõí íÝåò äõíáôüôçôåò óôçí íåþôåñç Ýêäïóç ïé ïðïßåò åßíáé
÷ñÞóéìåò ãéá ôá jails ðïõ Þäç Ý÷åôå. Ï ôñüðïò ðïõ ÷ñçóéìïðïéÞóáìå
ãéá ôçí äçìéïõñãßá ôùí jails, åðéôñÝðåé ôçí åýêïëç áíáâÜèìéóç ôïõò.
ÅðéðëÝïí, åëá÷éóôïðïéåß ôï ÷ñüíï äéáêïðÞò ôçò ëåéôïõñãßáò ôïõò, ìéá
êáé èá ÷ñåéáóôåß íá ôá óôáìáôÞóåôå ìüíï êáôÜ ôá ëßãá ôåëåõôáßá
ëåðôÜ. Åðßóçò, ðáñÝ÷åé Ýíáí ôñüðï íá åðéóôñÝøåôå óå ðáëáéüôåñåò
åêäüóåéò åÜí ðñïêýøïõí ïðïéáäÞðïôå óöÜëìáôá.</para>
<procedure>
<step>
<para>Ôï ðñþôï âÞìá åßíáé íá áíáâáèìßóåôå ôï óýóôçìá óôï ïðïßï
öéëïîåíïýíôáé ôá jails, ìå ôï óõíÞèç ôñüðï. Óôç óõíÝ÷åéá
äçìéïõñãÞóôå Ýíá íÝï ðñïóùñéíü template êáôÜëïãï, ìüíï ãéá
áíÜãíùóç, óôï
<filename class="directory">/home/j/mroot2</filename>.</para>
<screen>&prompt.root; <userinput>mkdir /home/j/mroot2</userinput>
&prompt.root; <userinput>cd /usr/src</userinput>
&prompt.root; <userinput>make installworld DESTDIR=/home/j/mroot2</userinput>
&prompt.root; <userinput>cd /home/j/mroot2</userinput>
&prompt.root; <userinput>cpdup /usr/src usr/src</userinput>
&prompt.root; <userinput>mkdir s</userinput></screen>
<para>Ôï <maketarget>installworld</maketarget> äçìéïõñãåß
ìåñéêïýò êáôáëüãïõò ðïõ äå ÷ñåéÜæïíôáé, êáé èá ðñÝðåé
íá äéáãñáöïýí:</para>
<screen>&prompt.root; <userinput>chflags -R 0 var</userinput>
&prompt.root; <userinput>rm -R etc var root usr/local tmp</userinput></screen>
</step>
<step>
<para>ÄçìéïõñãÞóôå îáíÜ ôïõò óõíäÝóìïõò ãéá ôï óýóôçìá áñ÷åßùí
áíÜãíùóçò - åããñáöÞò:</para>
<screen>&prompt.root; <userinput>ln -s s/etc etc</userinput>
&prompt.root; <userinput>ln -s s/root root</userinput>
&prompt.root; <userinput>ln -s s/home home</userinput>
&prompt.root; <userinput>ln -s ../s/usr-local usr/local</userinput>
&prompt.root; <userinput>ln -s ../s/usr-X11R6 usr/X11R6</userinput>
&prompt.root; <userinput>ln -s s/tmp tmp</userinput>
&prompt.root; <userinput>ln -s s/var var</userinput></screen>
</step>
<step>
<para>Ôþñá åßíáé ç óùóôÞ óôéãìÞ ãéá íá óôáìáôÞóåôå ôá
jails:</para>
<screen>&prompt.root; <userinput>/etc/rc.d/jail stop</userinput></screen>
</step>
<step>
<para>ÁðïðñïóáñôÞóôå ôá áñ÷éêÜ óõóôÞìáôá áñ÷åßùí:</para>
<!-- keramida: Shouldn't we suggest a short script-based
loop here, instead of tediously copying the same commands
multiple times? -->
<screen>&prompt.root; <userinput>umount /home/j/ns/s</userinput>
&prompt.root; <userinput>umount /home/j/ns</userinput>
&prompt.root; <userinput>umount /home/j/mail/s</userinput>
&prompt.root; <userinput>umount /home/j/mail</userinput>
&prompt.root; <userinput>umount /home/j/www/s</userinput>
&prompt.root; <userinput>umount /home/j/www</userinput></screen>
<note>
<para>Ôá óõóôÞìáôá áñ÷åßùí áíÜãíùóçò - åããñáöÞò åßíáé
ðñïóáñôçìÝíá óôï óýóôçìá áñ÷åßùí ìüíï áíÜãíùóçò
(<filename class="directory">/s</filename>) êáé ðñÝðåé íá
åßíáé ôá ðñþôá ðïõ èá áðïðñïóáñôçèïýí.</para>
</note>
</step>
<step>
<para>ÌåôáêéíÞóôå ôïí ðáëéü ìüíï ãéá áíÜãíùóç êáôÜëïãï, êáé
áíôéêáôáóôÞóôå ôïí ìå ôïí êáéíïýñãéï. Ï ðáëéüò èá ðáñáìåßíåé ùò
áíôßãñáöï áóöáëåßáò ôïõ ðáëéïý óõóôÞìáôïò óå ðåñßðôùóç
ðñïâëÞìáôïò. Ï ôñüðïò ïíïìáóßáò ðïõ áêïëïõèÞóáìå åäþ
áíôéóôïé÷åß óôç ÷ñïíéêÞ óôéãìÞ äçìéïõñãßáò ôïõ íÝïõ óõóôÞìáôïò
áñ÷åßùí ìüíï áíÜãíùóçò. ÌåôáêéíÞóôå ôçí áñ÷éêÞ óõëëïãÞ ôùí
Ports ôïõ &os; óôï íÝï óýóôçìá, áñ÷åßùí ðñïêåéìÝíïõ íá
åîïéêïíïìÞóåôå ÷þñï êáé inodes:</para>
<screen>&prompt.root; <userinput>cd /home/j</userinput>
&prompt.root; <userinput>mv mroot mroot.20060601</userinput>
&prompt.root; <userinput>mv mroot2 mroot</userinput>
&prompt.root; <userinput>mv mroot.20060601/usr/ports mroot/usr</userinput></screen>
</step>
<step>
<para>Óå áõôü ôï óçìåßï ôï ìüíï ãéá áíÜãíùóç template åßíáé
Ýôïéìï, ïðüôå ôï ìüíï ðïõ áðïìÝíåé åßíáé íá ðñïóáñôÞóåôå îáíÜ
ôá óõóôÞìáôá áñ÷åßùí êáé íá îåêéíÞóåôå ôá jails:</para>
<screen>&prompt.root; <userinput>mount -a</userinput>
&prompt.root; <userinput>/etc/rc.d/jail start</userinput></screen>
</step>
</procedure>
<para>×ñçóéìïðïéåßôå ôçí åíôïëÞ &man.jls.8; ãéá íá åëÝãîåôå åÜí ôá
jails îåêßíçóáí óùóôÜ. Ìçí îå÷Üóåôå íá åêôåëÝóåôå ôï mergemaster
ãéá ôï êÜèå jail. Èá ÷ñåéáóôåß íá áíáâáèìßóåôå ôüóï ôá áñ÷åßá
ñõèìßóåùí, üóï êáé ôá rc.d scripts.</para>
</sect3>
</sect2>
</sect1>
</chapter>
|
