From owner-freebsd-isp@FreeBSD.ORG Wed Jun 4 07:34:30 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4244237B40A for ; Wed, 4 Jun 2003 07:34:30 -0700 (PDT) Received: from mail.munk.nu (213-152-51-194.dsl.eclipse.net.uk [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5F6C843FA3 for ; Wed, 4 Jun 2003 07:34:26 -0700 (PDT) (envelope-from munk@mail.munk.nu) Received: from munk by mail.munk.nu with local (Exim 4.20) id 19NZLN-000NCm-9C for freebsd-isp@freebsd.org; Wed, 04 Jun 2003 15:34:25 +0100 Date: Wed, 4 Jun 2003 15:34:25 +0100 From: Jez Hancock To: FreeBSD ISP List Message-ID: <20030604143425.GB88470@users.munk.nu> Mail-Followup-To: FreeBSD ISP List Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.1i Sender: User Munk Subject: proftpd, mass virtual hosting and symlinks X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2003 14:34:31 -0000 Hi all, Our webserver serves a large number of domains and the partitioning scheme is setup like this: /home - contains all shell related items for users (we allow shell logins) /www - contains all documentroots for the server A typical user's documentroot resides in: /home/user/web/example.com/www/ which is a symlink to /www/example.com/www The idea was to save time on httpd requests by serving files from a dedicated partition and similar issues also exist for suexec cgi-bin trees and logfile trees. The problem then is that when a user logs in via proftpd, if we use 'DefaultRoot ~' to chroot the users to their home directories, the user is unable to follow the symlink to their web docroot(s) because of the old chestnut with chrooting disallowing symlinks out of the chroot root directory. I've read through the manual for proftpd, particularly this: http://proftpd.linux.co.uk/localsite/Userguide/linked/chroot-symlinks.html which suggests instead of symlinking, mount each (currently symlinked) directory in the target directory, something like: mount_null /www/example.com/www /home/user/web/example.com/www Questions: Is proftpd a viable option for mass vhosting given this type of partitioning scheme? If so, how would I configure proftpd to handle symlinks whilst still not allowing users to break out of their home directory? If proftpd is not the best option - what other ftpd are recommended? I understand PureFTPD implements a 'quasi' chrooting system via a module mod_vroot - is this a better option (proftpd also appears to have support for mod_vroot, but docs are sparse)? TIA, Jez