From owner-freebsd-questions@FreeBSD.ORG Sat Apr 3 12:13:55 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DFB7716A4CE for ; Sat, 3 Apr 2004 12:13:55 -0800 (PST) Received: from asarian-host.net (mail.asarian-host.net [194.109.160.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id 039BD43D41 for ; Sat, 3 Apr 2004 12:13:55 -0800 (PST) SRS0=jHl40GwB=G7=asarian-host.net=admin@asarian-host.net) Comments: To protect the identity of the sender, certain header fields are either not shown, or masked. Anonymous email accounts can be requested by filling in the appropriate form at: https://asarian-host.net/cgi-bin/signup.cgi Received: (from root@localhost) by mail.asarian-host.net (8.12.11/8.12.11) id i33KDrvF023150 for freebsd-questions@freebsd.org; Sat, 3 Apr 2004 22:13:53 +0200 (CEST) (envelope-from admin@asarian-host.net) From: Mark Received-SPF: pass (asarian-host.net: domain of admin@asarian-host.net designates sender IP as SASL permitted sender) Message-Id: <200404032013.I33KDPWD023137@asarian-host.net> Date: Sat, 03 Apr 2004 20:13:52 GMT X-Authenticated-Sender: admin@asarian-host.net X-Trace: /RQC13+ibktCQ031GZszs+INP/yttXqJ8j1azsw/wyaPteHq0ss+jn1Of4SyAHFdL56x9lOYIM5yn7fmPicpzw== X-Complaints-To: abuse@asarian-host.net X-Abuse-Info: Please be sure to forward a copy of ALL headers, otherwise we are unable to process your complaint Organization: Asarian-host To: "Drew Tomlinson" References: <406EF598.5000508@mykitchentable.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Auth: Asarian-host PGP signature iQEVAwUAQG8bATFqW1BleBN9AQGbUgf/dsfJ12Wm/O5zclS91EBoIMWtLjWpxBqS 33Q7uL88+qzrK5RlI6gpavEiUFbbGspJAsjh5sL2brkAbOXUIOxvfXFT9yDI/Ktw aEK3bjqZqrlHPuf8IXRa+u/gTsb/Vn9Qbb3WGipFfNXC7YaU0B9PNBnvxe8e2vEg jel6qhZmJase7nKePWtkNWgkzlUUktpWdz1aXbCN1bJ5m+tWwr2n49UAz16nQfrx UALWifZHooSM02takW4J2QCAGGK425vKJLXsJ733MdDpd0vmUZgMYFm34LTSJe+f YX36DcYDrLcSSv0AWvuwqD0Q23oLElq1EQyXwdpIE1GEH8lWaoHQ0Q== =nmpl cc: freebsd-questions@freebsd.org Subject: Re: Symlinks & chroot - Is it Possible? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Apr 2004 20:13:56 -0000 Drew Tomlinson wrote: > I have a few users that I wish to allow FTP access on my > 4.9-RELEASE-p4 system. I've setup their accounts and added them to > /etc/ftpchroot to lock them into their login directories. > They are in the standard /home/user dirs. > > However, I want all of them to have access to another directory > (/ftp/share) that is setup read-only. I tried adding a symlink to > /ftp/share but I've found this doesn't work when the user is chrooted. True. A symlink cannot traverse 'up' the chroot; only a hardlink can (to a file). Personally, I would not use something as beta as "mount_null". When the man pages say: "(READ: IT DOESN'T WORK)", I would stay clear of it. There are other ways, though. You say your chroot is at: /etc/ftpchroot I'm not necessarily sure whether the root-partition is the best place for a chroot; but working from that fact, you could "reverse" the condition. Instead of trying to link to /ftp/share, from within the chroot, you could do the opposite: first create the following directory: /etc/ftpchroot/ftp/share Then, in /ftp/, symlink to within the chrooted dir: share -> /etc/ftpchroot/ftp/share Then "/ftp/share" is accessible from both the 'real' and the chrooted environment, pointing to the same directory. - Mark