"Marten Rizwan" <[EMAIL PROTECTED]> writes:

> If your users are in /home and you're not willing to modify your filesystem
> layout much, you could simply export your /home as readonly nfs share and
> mount it to /var/www/users.
> Something like that should work in /etc/exports:
> /home          -alldirs,ro 127.0.0.1
> 
> $ mount_nfs -o rw 127.0.0.1:/home /var/www/users
> Now you can ignore the fact that apache is chrooted. Don't expect read
> performance to be the same though.

I'm maybe going to say something totally wrong but I believe that I've read
some time ago (and I don't remember when) that re-mounting a local fs via
nfs locally is problematic and unstable, especially when mounting a
subdirectory of the original filesystem.

I think I've also read that the reason was that, once a file is opened and
referenced through its specific inode, the underlying vfs code could
never later know, when using its inode, whether it was opened via the
non-nfs-mounted path or via the nfs-mounted path.

I then came up with some "theory" of my own to try to understand why it
was/could be problematic (which I never took the time to investigate further).
What I thought about is that once you have, for example, opendir()'ed the
directory "/var/www/users" and list it, how does the vfs code layer
send you back the correct inode value for the special ".." directory (which
could, for example, make getcwd() misbehave in a weird way), and how could it
correctly handle it if you want to chdir() to it? Consider the
following operations:
- open "/var/www/users"
- fchdir to it
- open ..
- fchdir to it
Would you expect the system to bring you to "/var/www" or to "/", the parent
directory of "/home/"? What will it do in reality? Can the chrooted process
in "/var/www" escape the chroot using "/var/www/users/.." in a special way?

I originally googled a bit for words like "mount nfs local" after having
some weird instabilities on an OpenBSD 3.9 box running the same setup as above
(on a remote box which didn't respond to ping, maybe crashing...). I then
stopped remounting the filesystem locally and stopped chrooting it, and the
problems never happened again once I no longer used weird combinations
of local filesystem + remounting it via nfs elsewhere + chroot.

Think of this if you discover some problems.

For the purpose of skipping insulting stuff, I'm repeating my first
sentence, which was a disclaimer: "I'm maybe going to say something totally
wrong [...]".

-- 
folays
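
The four-step sequence from the message above, as an added example that is not part of the original post: a small C check that runs open / fchdir / open ".." / fchdir and compares the directory it lands in against an expected parent by device and inode number. The function names and the throwaway /tmp tree used for the self-check are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Runs the sequence from the message: open dir, fchdir, open "..", fchdir.
 * Returns 1 if the process lands in expected_parent (same device and inode),
 * 0 if it lands elsewhere, -1 on error. The original cwd is restored. */
int dotdot_lands_in(const char *dir, const char *expected_parent)
{
    struct stat want, got;
    int saved, fd, up, result = -1;

    if (stat(expected_parent, &want) == -1 || (saved = open(".", O_RDONLY)) == -1)
        return -1;
    if ((fd = open(dir, O_RDONLY)) != -1) {
        if (fchdir(fd) == 0 && (up = open("..", O_RDONLY)) != -1) {
            if (fchdir(up) == 0 && stat(".", &got) == 0)
                result = got.st_dev == want.st_dev && got.st_ino == want.st_ino;
            close(up);
        }
        close(fd);
    }
    if (fchdir(saved) == -1) result = -1;
    close(saved);
    return result;
}

/* Constructed self-check: in a throwaway tree, <tmp>/users/.. must be <tmp>, not "/". */
int self_check(void)
{
    char tmp[] = "/tmp/dotdotXXXXXX", sub[64];
    if (mkdtemp(tmp) == NULL) return -1;
    snprintf(sub, sizeof sub, "%s/users", tmp);
    if (mkdir(sub, 0700) == -1) { rmdir(tmp); return -1; }
    int same = dotdot_lands_in(sub, tmp), root = dotdot_lands_in(sub, "/");
    rmdir(sub); rmdir(tmp);
    return (same == 1 && root == 0) ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 3) return self_check() == 0 ? 0 : 2;
    int r = dotdot_lands_in(argv[1], argv[2]);
    printf("%s/.. %s %s\n", argv[1], r == 1 ? "is" : "is not confirmed to be", argv[2]);
    return r == 1 ? 0 : 1;
}
```

Run it with the mount point and the directory you expect ".." to resolve to; any result other than 1 means the parent could not be confirmed as the one you expected.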
