Why I Like FreeBSD

By | 2016-08-06

I am quite fond of FreeBSD. It has several nice features that I find very useful. This review will be most useful to people who are already familiar with UNIX-like operating systems, but those who aren't may still find it useful. It assumes readers understand basic systems administration.

Here is a short list of the features I am particularly fond of:

  • Native ZFS support, which is hands down my favorite file system
  • Lightweight and easy to configure container software
  • In place upgrades of minor and major versions
  • Applications separated from OS core
  • Very detailed and helpful security alerts
  • The ports and package system
  • Easy to customize kernel
  • Large software repository
  • Firewall choices
  • Good documentation

ZFS

ZFS is a file system created by Sun Microsystems for Solaris. Before Sun was bought by Oracle, it released the source code under the CDDL license.

ZFS is more than just a file system; it is also a volume manager that supports striping, mirroring, concatenations, single parity RAID, double parity RAID, triple parity RAID, and striped mirrors. Configuring any of these volumes is as simple as running a single command specifying which device is used for what.

ZFS supports snapshots, inline deduplication, inline compression, quotas, reservations (guarantees a certain amount of space is available), and something called clones. Clones are basically taking a snapshot of a filesystem and mounting it somewhere. Clones only take up as much space as the changes made.

ZFS makes a great backup repository. With inline deduplication and compression, you could easily run daily full backups of many systems for a long time and not worry about running out of space. Be warned that deduplication takes a lot of memory to store the block hashes and some operations can be slow. I only recommend using deduplication for certain use cases. Compression, on the other hand, can actually give you better performance because it takes longer to read and write from storage than to run the compression algorithm.

ZFS filesystems are also very easy to back up, thanks to snapshots combined with the ability to send filesystems or snapshots to standard output.

Jails

FreeBSD has a feature called jails. Jails are similar to Solaris zones, but have some differences. Jails are described in the FreeBSD Handbook as building on chroot. Like chroot, jails have their own directory subtree. They also have their own users, IP address and hostname. I like to think of them as limited virtual machines. Jails can be used to limit the hardware resources a process or set of processes can use. With ZFS, new jails can be spun up very quickly, making them a great way to test things without using a lot of time or disk space. Jails are a great way to make the most of your hardware. Applications that should be isolated for security reasons, but don't use a lot of hardware resources, are great candidates for a jail. Directory servers, DHCP servers, and DNS servers are good examples.

In Place Upgrades

One of the great things about FreeBSD is in place upgrades. It is possible to upgrade from one major version to the next without doing a reinstall. The upgrade process will show you the differences between configuration files you have modified and the stock one in the version you are upgrading to. The upgrade tool lets you choose one, merge them, or manually edit the resulting file. The upgrade risk can be minimized by using ZFS’s snapshot feature prior to the upgrade. Rolling back from a botched upgrade is as easy as rolling back to your snapshots.

There is a catch though. You have to rebuild all ports and reinstall all packages after a major version upgrade due to ABI changes. This can take a substantial amount of time depending on which ports you have to rebuild. Minor version upgrades do not require this.
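The snapshot-before-upgrade safety net described above, written out as a shell script (an added example, not from the original post). The pool name zroot and the label pre-upgrade are assumptions, and by default the script only prints the zfs commands it would run.

```sh
#!/bin/sh
# Added example. Assumptions: pool "zroot" and label "pre-upgrade" are
# placeholders; DRY_RUN=1 (the default) prints commands instead of running them.
POOL="${POOL:-zroot}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# One recursive snapshot covers the pool and every descendant dataset.
pre_upgrade_snapshot() {            # $1 = snapshot label
    run zfs snapshot -r "${POOL}@$1"
}

# Keep only snapshots carrying our label. Input: one snapshot name per line,
# as printed by: zfs list -H -o name -t snapshot -r "$POOL"
rollback_targets() {                # $1 = snapshot label
    awk -F@ -v label="$1" '$2 == label'
}

# "zfs rollback" works on a single dataset and does not descend into
# children, so each dataset is rolled back in turn. Its -r flag destroys
# snapshots newer than the target; it is not a recursion switch.
rollback_all() {                    # $1 = snapshot label, stdin = snapshot names
    rollback_targets "$1" | while read -r snap; do
        run zfs rollback -r "$snap"
    done
}

# Constructed sample listing so the dry run works without ZFS.
SAMPLE_SNAPSHOTS='zroot@pre-upgrade
zroot/ROOT/default@pre-upgrade
zroot/usr/home@daily-1
zroot/usr/home@pre-upgrade'

pre_upgrade_snapshot pre-upgrade
printf '%s\n' "$SAMPLE_SNAPSHOTS" | rollback_all pre-upgrade
```

On a live system, feed rollback_all from `zfs list -H -o name -t snapshot -r "$POOL"` and set DRY_RUN=0.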

Architecture

FreeBSD separates the core OS and third party software. Any software installed from the package or ports repositories will be installed into /usr/local. This separation prevents third party software from affecting the base system and vice versa. This makes bringing a system back to a fresh-install-like state a breeze. Simply remove all packages and then delete everything in /usr/local.

This also allows you to upgrade the OS core without worrying too much about breaking your applications. For example, if you want to use Apache 2.2, you can continue to do so across major upgrades. By comparison, let's say you are using the standard packages from the Red Hat Enterprise Linux (RHEL) 6 repositories and upgrade to RHEL 7. You will also be upgrading Apache from 2.2 to 2.4. The solution would be to install your own copy into /opt, but then you lose the ease of patching since you will have to patch that installation manually rather than use your package manager.

Security Advisories

The FreeBSD security advisories are some of the best security notifications I have seen. You can get them via mailing list, RSS feed, or periodically visiting the FreeBSD Security Advisories page. They are very detailed. Expect a CVE number if one exists, how to fix or work around the issue, versions affected, and a detailed explanation of what the vulnerability is.

There is an RSS feed for the ports collection as well. One of the nice things about the ports security advisories is that if you try to install a vulnerable port, it won't install. It will instead prompt you and tell you that it is vulnerable, along with giving you instructions on how to install it anyway. Unfortunately, you won't get this warning with binary packages, but there is a tool that will give you a report of all installed packages with security advisories.

Overall, FreeBSD’s security notification is very good.

Ports and Packages

Like most Linux distributions, FreeBSD’s package management tools automatically resolve dependencies and download packages from repositories. FreeBSD goes beyond this with the ports system.

Ports allow you to build packages from source, giving you more control than a binary package. You can do this with source packages on RPM or Debian based distributions, but FreeBSD ports are easier to use and upgrade. When you build a port, things you normally have to manually pass to an autoconf script, such as enabling or disabling a feature, are presented in a simple menu. Your choices are saved, so when you update the software, you don't have to remember which options to pass to the configure script, and you don't lose your customizations with the upgrade.

Simple Kernel Customization

In my opinion, building and maintaining a customized kernel is easier to do with FreeBSD than most Linux distributions. Gentoo is the exception, but it still takes a good amount of time to configure it the first time. With FreeBSD, there is a simple and straightforward make file that you edit. It takes a lot less time than using the Linux kernel configuration tools. Another nice thing about it is that upgrading a custom kernel to the latest version is as simple as running a few commands and waiting for it to compile.

Software Availability

The FreeBSD repositories have a huge number of available packages. As of August 2016, there are about 26000 ports available in the ports collection. You will find recent versions of your garden-variety web servers and databases such as Apache, PostgreSQL, NGINX, and MariaDB. You will find agents and plugins for common monitoring software like Nagios and Zabbix. There are a fair number of window managers and desktop environments available. The ports web page has tools for browsing and searching through what is available.

Fortunately, commercial backup systems tend to have agents for FreeBSD, but your mileage may vary. In one situation, the backup software only had an agent available for an older version of FreeBSD. I was able to get it working on the latest version, but it took a lot of work. The package provided was in an old format, so I had to extract the package contents and put the files in place manually. The init script needed heavy modification as well.

Unfortunately (or fortunately if you hold certain ideals), you won't find FreeBSD typically supported by popular commercial software. If you absolutely have to run things like Oracle, Weblogic, Websphere, or Sybase, then FreeBSD is probably a poor choice. You may be able to get Java software such as Java application servers to run, but I would not advise this. There is a good chance tech support will tell you that since you are on an unsupported operating system, you are on your own. You likely won't have the source code to read and modify either, so self support would be very tough. The website has a list of vendors offering commercial software for FreeBSD.

Support and Documentation

FreeBSD has great documentation: FreeBSD Handbook, FreeBSD Developers’ Handbook, FreeBSD Porter’s Handbook, and Manual Pages. I have noticed some parts of the handbook could use updating with how newer versions of FreeBSD do things, but haven’t found anything to be inaccurate.

There are a number of options available if you need help. There is an active community that you can reach out to via IRC, message board, or mailing list. There are also consulting services provided by a number of companies and individuals.

Firewall

FreeBSD provides three choices of firewall software: IPFW, which was written for FreeBSD; ipfilter, which is used by a few commercial UNIX OSes; and PF, which is maintained by the OpenBSD project. All three of these firewalls are very good and should be able to meet your needs. All three of them are covered in the FreeBSD handbook. I use IPFW on the servers that I administer.

Conclusion

Whether you are looking to use FreeBSD as an internet-facing server, internal server for your organization, or for home use, it is a great operating system that I highly recommend at least trying. I have only covered some of the great things about FreeBSD. Take a few minutes to browse through the handbook to check out what else FreeBSD can do.
