From owner-freebsd-isp@FreeBSD.ORG Wed Jun 4 11:57:52 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 25C1C37B401 for ; Wed, 4 Jun 2003 11:57:52 -0700 (PDT) Received: from opium.co.za (opium.co.za [196.34.165.210]) by mx1.FreeBSD.org (Postfix) with ESMTP id AFE9D43F93 for ; Wed, 4 Jun 2003 11:57:50 -0700 (PDT) (envelope-from mark@opium.co.za) Received: from mark (helo=localhost) by opium.co.za with local-esmtp (Exim 4.12) id 19NdS4-0002J6-00; Wed, 04 Jun 2003 20:57:36 +0200 Date: Wed, 4 Jun 2003 20:57:36 +0200 (SAST) From: Mark Bojara X-X-Sender: mark@opium.co.za To: Jez Hancock In-Reply-To: <20030604143425.GB88470@users.munk.nu> Message-ID: <20030604205424.K1873-100000@opium.co.za> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: mark cc: FreeBSD ISP List Subject: Re: proftpd, mass virtual hosting and symlinks X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2003 18:57:52 -0000 Hi Jez, You could always do something like: mount_null /www/example.com/www /home/user/web/example.com/www Not sure how effective this is large scale. Chow Mark ---------------------------------------------------------------- Why doesn't DOS ever say "Excellent command or filename!" ---------------------------------------------------------------- On Wed, 4 Jun 2003, Jez Hancock wrote: >Hi all, > >Our webserver serves a large number of domains and the partitioning >scheme is setup like this: > >/home - contains all shell related items for users (we allow shell logins) >/www - contains all documentroots for the server > >A typical user's documentroot resides in: > >/home/user/web/example.com/www/ > >which is a symlink to > >/www/example.com/www > >The idea was to save time on httpd requests by serving files from a >dedicated partition and similar issues also exist for >suexec cgi-bin trees and logfile trees. > >The problem then is that when a user logs in via proftpd, if we use >'DefaultRoot ~' to chroot the users to their home directories, the user >is unable to follow the symlink to their web docroot(s) because of the >old chestnut with chrooting disallowing symlinks out of the chroot root >directory. > >I've read through the manual for proftpd, particularly this: >http://proftpd.linux.co.uk/localsite/Userguide/linked/chroot-symlinks.html > >which suggests instead of symlinking, mount each (currently symlinked) >directory in the target directory, something like: > >mount_null /www/example.com/www /home/user/web/example.com/www > >Questions: >Is proftpd a viable option for mass vhosting given this type of >partitioning scheme? If so, how would I configure proftpd to handle symlinks >whilst still not allowing users to break out of their home directory? > >If proftpd is not the best option - what other ftpd are recommended? I >understand PureFTPD implements a 'quasi' chrooting system via a module >mod_vroot - is this a better option (proftpd also appears to have >support for mod_vroot, but docs are sparse)? > >TIA, >Jez >_______________________________________________ >freebsd-isp@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-isp >To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >