With this (and the next) post we’re going to take a look at FreeBSD, assuming some basic Linux experience. The goal is to provide an easy introduction and to show where that system behaves differently from Linux. And we’ll also touch the subject of strengths and weaknesses of FreeBSD.
What is FreeBSD?
Linux is a Unix-like Operating system and the same is true for FreeBSD. The difference is that FreeBSD is a direct offspring of BSD-Unix whereas Linux was coded from scratch and did never have any code in common with Unix. So compared with Linux, FreeBSD is clearly “more Unix”. But why don’t we just say that it IS a Unix since it once was? Because of legal trouble…
Technically, FreeBSD is a much improved BSD-Unix. But there’s one problem: UNIX is a trademark. In order to call your system a Unix, it must comply with the Unix specifications. FreeBSD did this and probably still does for the largest part. That’s just the first requirement, though! The other is that you need to have your OS certified – which is not exactly a cheap thing to do. IBM did this for AIX, HP for HP-UX, etc. FreeBSD, being a non-commercial community project, needs the money it receives from donations for other things. And so – for legal reasons – FreeBSD is not a Unix but just a “Unix-like” system.
However it has come from Unix and it feels like Unix (with quite some things a little different from Linux). So if you don’t like the stiff term “Unix-like” you can of course think of your FreeBSD as a Unix system in contrast to Linux.
FreeBSD’s goal as stated by the project, is to provide a general purpose, secure and highly scalable operating system that is available free of charge. Sounds a lot like Linux so far, doesn’t it? Yeah, it does. But please keep in mind that this doesn’t make FreeBSD the boring rip-off. FreeBSD was there first! But even if you’d argue that it’s obsolete, now that Linux does extremely well in just about all areas (and admittedly better in quite some), there’s one more point. FreeBSD is meant to be available free of charge and under a permissive license!
Linux is GPL’ed. That makes it available for free and ensures that the code will always be open, because the license enforces these things. FreeBSD, licensed under the BSD license, does not do this. You are free to do things with it which the GPL does not allow. A whole lot of people don’t care (they have probably never even thought about licensing) and quite some people applaud the GPL’s approach. Others however prefer BSD-style licenses. It’s a matter of taste and a philosophic question that cannot really be decided once and for all.
I’ve written a short post on an introduction to licenses more than a year ago. It was meant to have a follow-up article but I didn’t find the time to write that one, yet.
System structure
The whole operating system is integrally connected. Where a Linux distro is actually “the Linux kernel plus (a lot of) packages”, FreeBSD is different. Programs from upstream are imported into the system repository and often patched. The versions are chosen to play together nicely with all the other components of the system.
This operating system consists of two parts: kernel and world, the latter being the userspace part of it. The actual software you install on top of the OS is separated from it: Files are put into /usr/local so they don’t mix with those that belong to the base system – which is quite a clean thing.
Traditionally FreeBSD has come with the ports system. If you want to install an application which is not part of the OS, you change into the respective directory of the ports tree and run make install clean. The Makefiles (and a few other files as well) then take care that the source code is downloaded, extracted and configured, that patches are applied, the program is compiled and installed. You do not need to know anything about how to get a program to work on FreeBSD. If somebody already wrote a port, it’s as easy as issuing that make command. The port will also ensure that any dependencies needed are present on the system and, in case any is missing, they are automatically built and installed by the ports system, too.
But that’s not all. Ports for many programs are created to allow you to select which features to compile a program with. A simple menu-driven UI let’s you check and uncheck features for each port. And of course it allows for clean removal of installed software using make deinstall. Also the ports tree often offers you various versions of a program to choose from. Want Apache 2.4 or probably rather 2.2? Or perhaps you need gcc. Feel free to choose any of 4.6, 4.7, 4.8, 4.9 and 5.1!
This allows for easy customizing of the software you install: You get exactly what you need and want. If you have no special needs for some programs and don’t want to compile it on your computer, you can of course use pre-built binary packages like on Linux. And the best thing: Since the ports system actually builds packages, you can mix the two as they play together nicely and won’t conflict!
Some strong points
FreeBSD has a world-class network stack – which is absolutely no wonder since TCP/IP was in fact developed on BSD Unix! This is one example where FreeBSD is superior to Linux.
Another nice feature are the so-called secure levels together with the extended file flags. The later open up some interesting possibilities: You could, for example, set the file flag “append only” on a log file. The log is not “read only” – it can be written to. So new log entries can be appended to the file. But it is impossible to either delete the file or remove content that’s already in it! If an attacker (who does not want you to notice that he broke into your system) tries to cover his tracks this can be extremely frustrating as there is no way he can get rid of anything that’s in the log!
That is… As long as he doesn’t just remove the file flag. But to make that impossible as well, FreeBSD has secure levels. You can always add file flags. But you can only remove them when the system is in secure level 0. And here’s the show-stopper: Once set to higher than 0 secure levels cannot be reduced. Not even by root and not even by yourself with physical access to your server! There’s exactly one way to get rid of a secure level greater than 0: Reboot… And a reboot won’t go unnoticed easily, right?
One more very cool feature are jails. Think of them as hardened chroot environments with a lot of extras (like IP addresses for a jail). They are kept strictly separate from the rest of the system (and from other jails). You have heard about all that “container” stuff that’s currently en vogue in Linux, haven’t you? No need for that on FreeBSD! If you want a secure environment (or several) for single applications – just jail them. FreeBSD offers this possibility for ages now (as does Solaris, where this functionality is provided by what’s called “zones”.)
And perhaps you have heard good things about the ZFS filesystem or about DTRACE. FreeBSD comes with both of them and they are considered stable. And of course there’s much more to it. But let’s leave that for the next post where we’ll get our hands on FreeBSD, right?
For those of you who are interested, here’s a little Unix history (it’s good to know because it helps understand why things are how they are today – but if you don’t care at all you can of course skip it).
Unix history
In 1964 AT&T, GE (General Electric) and the MIT (Massachusetts Institute of Technology) teamed up to create a sophisticated new operating system they called Multics. It was extremely innovative and pioneered many features in computing. A lot of people thought however that it was overly complex and not quite the system they wanted.
Eventually AT&T pulled out of the project and started another one in 1969 which followed the converse idea: Simplicity over complexity! This operating system is known as “research Unix”. In the following years various versions were completed and licensed especially to universities for little money (because AT&T was not allowed to compete on the software market at that time due to their telephone monopoly). During that time it was a matter of course that you got the source code when you bought software. For that reason students of computer science could look at the code – and modify it.
Written in assembler at first, Unix was soon re-written in the new programming language C which forever remains closely tied to Unix. Thanks to the availability of the code, the universities kept producing patches with new functionality for Unix and gave it away for free to anybody who had licensed the OS. At the center of this development was Berkeley University which collected these patches and patch sets. They created software releases which were called “Berkeley System Distribution” or BSD for short. The first one was 1BSD in 1978. Due to the massive changes they did to the system, with 3BSD they began shipping a whole OS which was based on the VAX port of AT&T’s Unix Seventh Edition.
The university created various 4.xBSD releases over the years. These grew in popularity fast and quite often Unix from AT&T was bought and put aside only to be able to actually use BSD legally! In 1986 the influential version 4.3BSD with which BSD moved away from the VAX was released. The year 1992 saw the release of a short-lived project which nevertheless had a huge impact: 386BSD or Jolix (named after its creators, Lynne and William Jolitz). It was an effort to port 4.3BSD to the 80386 PC.
Now the BSD story repeated in a smaller scale: 386BSD enthusiasts created patches for the system and an unofficial patchkit was provided from it. Due to a difference in opinion the patchkit maintainers broke away from 386BSD and founded the FreeBSD project. About the same time another group of 386BSD users started they own project derived from that 386BSD: NetBSD was born.
The original BSD project ended in 1994 with a strange last release called 4.4BSD-lite. It was a crippled release that could not even run on its own! The reason was a lawsuit from the Unix System Laboratories. Formed after AT&T’s forced break-up, they finally could compete on the PC market and began to offer Unix for high prices. It goes without saying that the existence of BSD was a thorn in their side – and they meant to remove it!
But greed is not a good advisor and in the end the case was settled out of court. Why? Because the university proved that over the years almost all of AT&T’s code had been replaced. BSD was almost a system completely of its own! But that’s not all. In fact AT&T had taken the free code from BSD and used it in their newer Unix releases. While there’s nothing wrong with that, they didn’t give the BSD credit for their work. And by failing to do that it turned out that they were violating the BSD licence themselves!
It is the legal struggle and uncertainty that followed from the case which can be seen as one reason why Linux gained more and more attention: If you chose any BSD derivative you never know what might happen some day…
What’s next?
Next in line is a FreeBSD tutorial that puts focus on getting the system installed and exploring what’s different from Linux.
eerielinux 
Elsewhere on this splendid blog, you alluded that NetBSD wasn’t your bag (or words to this effect). Is there an existing post expanding on this view? Could you, if not, perhaps find the time to mention briefly why this is the case? Curiosity is the sole reason I enquire. Cheers!
Hi Simurghian, thanks for your compliment! Glad you’re enjoying the blog. About NetBSD: It all comes down to “it never really fit anywhere in my projects”. The cool things that I’m aware of them doing are either way over my head (rumpkernel, LUA in kernel, etc.) or didn’t seem that useful to me (e.g. I’m very happy with Pf, my motivation to evaluate another firewall so far has been lower than my account of free time).
I installed it in a VM a number of times without getting especially hooked by anything. And once I even installed it on hardware when I wanted to dig into pkgsrc and figured it might be a good idea to do so on the reference platform. On that occasion I used NetBSD for about two days. I got things to work and it did what I asked it to do. While that’s nice, there wasn’t too much I could have written about, nothing “spectacular”.
Also I don’t own any exotic hardware beyond some old stuff that also runs FreeBSD or OpenBSD fine. Well, actually there’s one thing: I’m very interested in the RISC-V platform and had hoped that a NetBSD port would emerge rather soon since that should be exactly what their community loves. A working port would have changed everything for me and I’d have switched over spare machines to NetBSD to become more familiar with the OS for the time when RISC-V hardware becomes available (looks like SiFive’s 64-bit project will be available in the first half of 2018). Somehow it seems like there’s not too much going on with NetBSD in that regard… In fact FreeBSD got an unexpected jumpstart on RISC-V thanks to the amazing work of Ruslan Bukin.
To sum it up: I’m not indifferent or even hostile towards NetBSD. I’ve simply yet to find something where it’s appealing for the kind of tinkering I’m doing. Chances are of course that I totally missed something. NetBSD seems not to be particularly good at communicating what they are doing to the outside world. 😉