From: Drew Tomlinson
Date: Sun, 04 Apr 2004 08:56:51 -0700
To: Mark
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Symlinks & chroot - Is it Possible?
Message-ID: <40703043.4040908@mykitchentable.net>
In-Reply-To: <200404032013.I33KDPWD023137@asarian-host.net>
References: <406EF598.5000508@mykitchentable.net> <200404032013.I33KDPWD023137@asarian-host.net>

On 4/3/2004 12:13 PM Mark wrote:

>Drew Tomlinson wrote:
>
>>I have a few users that I wish to allow FTP access on my
>>4.9-RELEASE-p4 system. I've set up their accounts and added them to
>>/etc/ftpchroot to lock them into their login directories.
>>They are in the standard /home/user dirs.
>>
>>However, I want all of them to have access to another directory
>>(/ftp/share) that is set up read-only. I tried adding a symlink to
>>/ftp/share but I've found this doesn't work when the user is chrooted.
>
>True. A symlink cannot traverse 'up' the chroot; only a hardlink can (to a
>file). Personally, I would not use something as beta as "mount_null". When
>the man pages say: "(READ: IT DOESN'T WORK)", I would stay clear of it.
>
>There are other ways, though. You say your chroot is at:
>
>    /etc/ftpchroot

Thank you for your reply. No, I created the file /etc/ftpchroot to
chroot the user at /home/. Sorry for the confusion.

>I'm not necessarily sure whether the root-partition is the best place for a
>chroot;

Agreed.

>but working from that fact, you could "reverse" the condition.
>Instead of trying to link to /ftp/share, from within the chroot, you could
>do the opposite: first create the following directory:
>
>    /etc/ftpchroot/ftp/share
>
>Then, in /ftp/, symlink to within the chrooted dir:
>
>    share -> /etc/ftpchroot/ftp/share
>
>Then "/ftp/share" is accessible from both the 'real' and the chrooted
>environment, pointing to the same directory.

Short of another solution, I may move things around to implement your
suggestion.

Thanks,

Drew
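The symlink behaviour discussed in this thread, modelled as an added example that is not part of the original messages: it shows why a link from a chrooted home directory to /ftp/share dangles for the chrooted user, and why the reversed layout works. The function names (clamp, chroot_view, reachable, build_sandbox) and the directory names are hypothetical, and the resolution is simulated in a temporary directory rather than with a real chroot.

```shell
# Added example: paths under a mktemp directory stand in for /home/user and /ftp/share.

# clamp PATH: collapse "." and "..", never climbing above "/", which is
# how ".." behaves at the root of a chroot.
clamp() {
    out=; old_ifs=$IFS; IFS=/; set -f
    for part in $1; do
        case $part in
            ''|.) ;;
            ..)   out=${out%/*} ;;
            *)    out="$out/$part" ;;
        esac
    done
    set +f; IFS=$old_ifs
    printf '%s\n' "${out:-/}"
}

# chroot_view JAIL PATH: host location that PATH (as named inside the jail)
# resolves to. Simplification: only a symlink in the final component is followed.
chroot_view() {
    jail=$1; inner=$(clamp "$2"); hops=0
    while [ -L "$jail$inner" ] && [ "$hops" -lt 8 ]; do
        target=$(readlink "$jail$inner")
        case $target in
            /*) inner=$(clamp "$target") ;;              # absolute: looked up from the jail root
            *)  inner=$(clamp "${inner%/*}/$target") ;;  # relative: ".." stops at the jail root
        esac
        hops=$((hops + 1))
    done
    printf '%s\n' "$jail$inner"
}

# reachable JAIL PATH: succeeds if the chrooted view of PATH exists.
reachable() { [ -e "$(chroot_view "$1" "$2")" ]; }

# build_sandbox: create the three layouts and print the sandbox directory.
build_sandbox() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/home/user/pub" "$top/ftp/share"
    ln -s /ftp/share "$top/home/user/share"           # absolute link inside the jail
    ln -s ../../ftp/share "$top/home/user/share_rel"  # relative link climbing out
    ln -s "$top/home/user/pub" "$top/ftp/pub"         # reversed: real dir in jail, link outside
    printf '%s\n' "$top"
}

top=$(build_sandbox) || exit 1
for p in /share /share_rel /pub; do
    reachable "$top/home/user" "$p" && echo "$p: reachable" || echo "$p: missing inside the jail"
done
rm -rf "$top"
```

A symlink has a single target, so the reversed layout places the shared directory inside one chroot directory only.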