jails What is the recommended way to connect to a running jail?

Hello, I'm not a FreeBSD newb, but I'm new to jails, and I have read about different solutions. I tried to build a jail with a webserver, and now I can start it. But I wonder why there are different outputs from these commands after I have started it:

jexec 57 ps -ax gives me something like this
Code:
 PID TT  STAT    TIME COMMAND
1220  -  IJ   0:00,02 /usr/local/sbin/httpd -DSSL -DNOHTTPACCEPT
6153  -  IsJ  0:00,01 /usr/sbin/syslogd -ss
0132  -  IsJ  0:00,01 /usr/sbin/cron -s
8328  -  IsJ  0:00,00 /usr/sbin/sshd
9702  -  SsJ  0:00,03 sendmail: accepting connections (sendmail)
0406  -  IsJ  0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
5848  -  SsJ  0:00,16 /usr/local/sbin/httpd -DSSL -DNOHTTPACCEPT
7002  -  IJ   0:00,01 /usr/local/sbin/rotatelogs -f /var/log/httpd.d/httpd-error-%Y-%m-%d_%H-%M-%S.log 1M
7125  -  IJ   0:00,01 /usr/local/sbin/rotatelogs -f /var/log/httpd.d/httpd-ssl-error-%Y-%m-%d_%H-%M-%S.log 1M
7947  -  IJ   0:00,00 /usr/local/sbin/rotatelogs -l /var/log/httpd.d/httpd-access-%Y-%m.log 5M
9157  -  IJ   0:00,01 /usr/local/sbin/rotatelogs -f /var/log/httpd.d/httpd-ssl-access-%Y-%m.log 5M
9947  -  IJ   0:00,00 /usr/local/sbin/httpd -DSSL -DNOHTTPACCEPT
0076  -  IJ   0:00,00 /usr/local/sbin/httpd -DSSL -DNOHTTPACCEPT
0634  -  IJ   0:00,03 /usr/local/sbin/httpd -DSSL -DNOHTTPACCEPT
1067  -  IJ   0:00,03 /usr/local/sbin/httpd -DSSL -DNOHTTPACCEPT
1346  -  IJ   0:00,01 /usr/local/sbin/httpd -DSSL -DNOHTTPACCEPT
but with this way, it shows nothing is running:
Code:
jail "/path/to/jail" jailname IP.IP.IP.IP /bin/tcsh
jail>ps -ax

PID TT  STAT    TIME COMMAND
228  0  SJ   0:00,04 /bin/tcsh
302  0  R+J  0:00,00 ps -ax

jail>id

uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

I think I am doing something wrong. I could imagine that with the second way I created a new process, and there is nothing in it until I do something. But "tcsh" on the host and then "ps -ax" give me the same output of what is running.

The simple question is, what is the recommended way to connect to jail and work in it?
jail, jexec, ssh "to jail" from host?
 
jail "/path/to/jail" jailname IP.IP.IP.IP /bin/tcsh
This starts a new jail. But because there's nothing set for exec.start, nothing is actually starting/running inside that jail (besides the shell you invoked). You're basically in single user mode here.

Code:
     exec.start
             Command(s) to run in the jail environment when a jail is created.
             A typical command to run is "sh /etc/rc".
Adding this will actually "boot" the jail as if it were a 'stand-alone' machine.
 
I run an ssh server (IP: 127.0.0.1) on the startup of the jail and then I just ssh into the jail to connect. It's safe, flexible and easy.
 
This starts a new jail. But because there's nothing set for exec.start, nothing is actually starting/running inside that jail (besides the shell you invoked). You're basically in single user mode here.

Code:
     exec.start
             Command(s) to run in the jail environment when a jail is created.
             A typical command to run is "sh /etc/rc".
Adding this will actually "boot" the jail as if it were a 'stand-alone' machine.
??? Sorry, I do not understand "this starts a new jail". All configs have been done in /etc/jail.conf - like
# Commands to execute when the jail is started or stopped.
# These commands are executed inside the jail.
exec.start = "/bin/sh /etc/rc"; # Start command: start a full FreeBSD userland
exec.stop = "/bin/sh /etc/rc.shutdown"; # Stop command
I said that the jail is running. Before the above command jail "/path/to/jail" jailname IP.IP.IP.IP /bin/tcsh I had done:
service jail onestart www
 
sorry, I do not understand "this starts a new jail".
Your command: jail "/path/to/jail" jailname IP.IP.IP.IP /bin/tcsh
Is this invocation of jail(8):
Code:
 jail [-dhilqv] [-J jid_file] [-u username] [-U username] [-n jailname]
          [-s securelevel] path hostname ip[,...] command ...
This starts a jail from the command line. It doesn't use the settings from jail.conf, it uses the parameters you have given it on the command line.

I had done:
service jail onestart www
You can start a jail that way, yes. This just translates to jail -c www.
 
The simple question is, what is the recommended way to connect to jail and work in it?
Depends on where you want to connect to the jail from:

a) from the jail host just log in like this: jexec <jail_name> login -f <user_in_jail>

b) from LAN/WAN:
ssh <user_in_jail>@<jail_hostname>
That requires a listening sshd in the jail and an ssh user (with group wheel if su is needed in the jail).
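
The distinction the thread arrives at (attach to the jail that is already running, rather than creating a second, empty one with `jail path hostname ip command`) can be wrapped in a small host-side helper. This is an added example, not code from any poster; the function names `jail_jid` and `jail_enter` are hypothetical, and it assumes the jail is defined by name in /etc/jail.conf.

```shell
#!/bin/sh
# Added example: attach to an already-running jail from the jail host
# instead of accidentally creating a new one.
# usage (after sourcing this file): jail_enter www root

# jail_jid NAME: print the JID of a running jail; fails if it is not running.
jail_jid() {
    jls -j "$1" jid 2>/dev/null
}

# jail_enter NAME [USER]: log in to the running jail as USER (default: root).
jail_enter() {
    name=$1
    user=${2:-root}
    if [ -z "$name" ]; then
        echo "usage: jail_enter <jail_name> [user_in_jail]" >&2
        return 64
    fi
    # Refuse to go further unless the jail really exists; "jail path ..." here
    # would create a second jail with nothing but a shell running in it.
    if ! jid=$(jail_jid "$name") || [ -z "$jid" ]; then
        echo "jail '$name' is not running; start it with: service jail onestart $name" >&2
        return 1
    fi
    echo "attaching to jail '$name' (jid $jid) as $user" >&2
    # Same invocation as option a) in the thread.
    jexec "$name" login -f "$user"
}
```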
 