Confining the omnipotent root

Poul-Henning Kamp
The FreeBSD Project

<phk@FreeBSD.org>

UNIX has always been designed around two levels of users: root and everybody else. While this is a simple and strong security model, it has disadvantages when it comes to delegating administrative tasks to more or less trusted persons. The FreeBSD "Jail" facility provides a way to compartmentalize a server so that the root privilege for one compartment can be handed over to non-trusted persons without compromising the security of the entire machine. Creating "virtual machines" this way has many uses, the most popular being Internet servers.

The talk will describe the way jails work, the pros and cons, and some details about the implementation, show how to set up a jail, and give some examples of real-world applications for jails.

The target audience for this presentation is UNIX superusers and technology strategists for ISPs and Internet content providers. The presentation is heavily centered around the superuser role in UNIX systems, and some experience and knowledge of this area will be a prerequisite for the audience.

Poul-Henning Kamp believes that UNIX is the best OS ever made so far; he is convinced we can still make it better, and he has been trying to since the early eighties. Ever since Minix 1.0 came out, Poul-Henning has been running UNIX on his laptop, and via 386BSD he came to FreeBSD, where he joined the Core Team in 1994. Since then Poul-Henning has been release engineer for a number of FreeBSD releases, written, rewritten and cleaned up many pieces of the FreeBSD kernel, written a memory allocator, a password scrambler and the beerware license, and generally been having a good time.

Poul-Henning lives in Denmark with his son, his daughter, about ten FreeBSD computers and one of the world's most precise NTP clocks. He makes a living as an independent contractor doing all sorts of magic with computers and networks.


Last modified: December 27, 1999 (mk)