Re: Symlinks & chroot - Is it Possible?
On 4/3/2004 11:21 AM den wrote: I use mount_null and have no problem with it. You need create dir in each user home and use mount_null for mount your chrooted dir with created directories as mount points . So you need add many lines in your /etc/fstab file . I understand. Thanks for your reply. I think that words in manual about beta concern writing in directory that uses mount_null. I don't use write and it seems that you don't need write too. So use this fs type ( set in fstab "ro" option for this mount point). And read man for mount_null. This seems reasonable. Can anyone else comment on their experience using mount_null read only? Thanks, Drew Drew Tomlinson wrote: I have a few users that I wish to allow FTP access on my 4.9-RELEASE-p4 system. I've setup their accounts and added them to /etc/ftpchroot to lock them into their login directories. They are in the standard /home/user dirs. However, I want all of them to have access to another directory (/ftp/share) that is setup read-only. I tried adding a symlink to /ftp/share but I've found this doesn't work when the user is chrooted. I've Googled on this issue. A FAQ for PureFTPd confirms this and suggests mount_null. But the man page for mount_null says that the code is beta and may wipe out a file system. What is the best way to achieve my objective? If mount_null is it, how do I use it? Do I include it in some sort of login script? I've set these users shells to nologin. How would that work? Thanks, Drew ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Symlinks & chroot - Is it Possible?
On 4/3/2004 12:13 PM Mark wrote: Drew Tomlinson wrote: I have a few users that I wish to allow FTP access on my 4.9-RELEASE-p4 system. I've setup their accounts and added them to /etc/ftpchroot to lock them into their login directories. They are in the standard /home/user dirs. However, I want all of them to have access to another directory (/ftp/share) that is setup read-only. I tried adding a symlink to /ftp/share but I've found this doesn't work when the user is chrooted. True. A symlink cannot traverse 'up' the chroot; only a hardlink can (to a file). Personally, I would not use something as beta as "mount_null". When the man pages say: "(READ: IT DOESN'T WORK)", I would stay clear of it. There are other ways, though. You say your chroot is at: /etc/ftpchroot Thank you for your reply. No, I created the file /etc/ftpchroot to chroot the user at /home/. Sorry for the confusion. I'm not necessarily sure whether the root-partition is the best place for a chroot; Agreed. but working from that fact, you could "reverse" the condition. Instead of trying to link to /ftp/share, from within the chroot, you could do the opposite: first create the following directory: /etc/ftpchroot/ftp/share Then, in /ftp/, symlink to within the chrooted dir: share -> /etc/ftpchroot/ftp/share Then "/ftp/share" is accessible from both the 'real' and the chrooted environment, pointing to the same directory. Short of another solution, I may move things around to implement your suggestion. Thanks, Drew ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Symlinks & chroot - Is it Possible?
Drew Tomlinson wrote: > I have a few users that I wish to allow FTP access on my > 4.9-RELEASE-p4 system. I've setup their accounts and added them to > /etc/ftpchroot to lock them into their login directories. > They are in the standard /home/user dirs. > > However, I want all of them to have access to another directory > (/ftp/share) that is setup read-only. I tried adding a symlink to > /ftp/share but I've found this doesn't work when the user is chrooted. True. A symlink cannot traverse 'up' the chroot; only a hardlink can (to a file). Personally, I would not use something as beta as "mount_null". When the man pages say: "(READ: IT DOESN'T WORK)", I would stay clear of it. There are other ways, though. You say your chroot is at: /etc/ftpchroot I'm not necessarily sure whether the root-partition is the best place for a chroot; but working from that fact, you could "reverse" the condition. Instead of trying to link to /ftp/share, from within the chroot, you could do the opposite: first create the following directory: /etc/ftpchroot/ftp/share Then, in /ftp/, symlink to within the chrooted dir: share -> /etc/ftpchroot/ftp/share Then "/ftp/share" is accessible from both the 'real' and the chrooted environment, pointing to the same directory. - Mark ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Symlinks & chroot - Is it Possible?
I use mount_null and have no problem with it. You need create dir in each user home and use mount_null for mount your chrooted dir with created directories as mount points . So you need add many lines in your /etc/fstab file . I think that words in manual about beta concern writing in directory that uses mount_null. I don't use write and it seems that you don't need write too. So use this fs type ( set in fstab "ro" option for this mount point). And read man for mount_null. Drew Tomlinson wrote: I have a few users that I wish to allow FTP access on my 4.9-RELEASE-p4 system. I've setup their accounts and added them to /etc/ftpchroot to lock them into their login directories. They are in the standard /home/user dirs. However, I want all of them to have access to another directory (/ftp/share) that is setup read-only. I tried adding a symlink to /ftp/share but I've found this doesn't work when the user is chrooted. I've Googled on this issue. A FAQ for PureFTPd confirms this and suggests mount_null. But the man page for mount_null says that the code is beta and may wipe out a file system. What is the best way to achieve my objective? If mount_null is it, how do I use it? Do I include it in some sort of login script? I've set these users shells to nologin. How would that work? Thanks, Drew ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"