vsFTPd: chroot and symlinks


APseudoUtopia
November 30th, 2008, 03:42
Hey. I've recently found out that when vsFTPd is set to chroot users, symlinks that point to outside the user's home dir don't work. For example, a symlink in /home/user/backups, which points to /code/backups, does not work. As in, vsFTPd will give a "permission denied" when trying to follow the symlink.

I've googled this, and found out that, in Linux, a way to get around this issue is to run something like:
"mount --bind /code/backups /home/user/backups"

Is there anything similar to this --bind switch in mount for FreeBSD? I really want to restrict the FTP users to their home dir, but I also really want them to be able to access the backups. And, unfortunately, I'm unable to switch to a different FTP daemon due to politics ;-)

Thanks for any suggestions.

EDIT: Now that I think about it, I could always run vsFTPd from within a jail somehow, which will allow me to remove the chroot restriction. I have no experience with jails though.

brd@
November 30th, 2008, 04:13
You could use a nullfs mount I think, see the mount_nullfs (http://www.FreeBSD.org/cgi/man.cgi?query=mount_nullfs&apropos=0&sektion=0&manpath=FreeBSD+7.0-RELEASE&format=html) man page for more info.

APseudoUtopia
November 30th, 2008, 06:20
I read the manpage and it seemed like it would work, however, I'm getting the following error:

# mkdir /usr/home/user/backups
# mount_nullfs -o ro /usr/local/backups /usr/home/user/backups
mount_nullfs: Operation not supported by device
# mount_nullfs /usr/local/backups /usr/home/user/backups
mount_nullfs: Operation not supported by device

I'm not using any odd filesystem setups, but I am running a custom kernel. Maybe the lack of a kernel option is causing the error? Anyway, here's the output of 'mount', in case it helps:

/dev/ad0s1a on / (ufs, local, noatime)
devfs on /dev (devfs, local)
/dev/ad0s1e on /tmp (ufs, local, noatime, noexec, nosuid, soft-updates)
/dev/ad0s1f on /usr (ufs, local, noatime, soft-updates)
/dev/ad0s1d on /var (ufs, local, noatime, nosuid, soft-updates)

Thanks a lot :D

cajunman4life
November 30th, 2008, 06:33
I can tell you the reason why it doesn't work, but I can't help you on a work-around.

It doesn't work because it's not supposed to. The user is chrooted, and following a symlink outside that chroot would defeat the purpose of being chrooted.

oversize
December 3rd, 2008, 13:15
You could use hardlinks too.
But as hardlinks won't link to a directory, you probably don't want that.

danger@
December 3rd, 2008, 21:19
Do you have a custom kernel?
You need either

options NULLFS

in your kernel configuration file, or load the kernel module.

Check the man page (http://www.freebsd.org/cgi/cvsweb.cgi/src/share/man/man5/nullfs.5) for more information. Unfortunately it's not yet in -STABLE branches... That reminds me that I should MFC it :-)
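
The steps suggested in this thread (make nullfs available, mount the backup directory read-only inside the chrooted home, then confirm the mount really is read-only) as an added example that is not part of any poster's reply. The function names and the sample `mount` lines are constructed for illustration; the paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. FreeBSD tools assumed: kldstat, kldload, mount_nullfs.

# Constructed sample of FreeBSD `mount` output, used to exercise is_ro_nullfs offline.
SAMPLE_MOUNT='/dev/ad0s1f on /usr (ufs, local, noatime, soft-updates)
/usr/local/backups on /usr/home/user/backups (nullfs, local, read-only)
/usr/local/www on /usr/home/user/www (nullfs, local)'

# Load nullfs when the kernel has neither "options NULLFS" nor the module loaded.
ensure_nullfs() {
    kldstat -q -m nullfs 2>/dev/null || kldload nullfs
}

# Read `mount` output on stdin; succeed only if mount point $1 is nullfs AND read-only.
is_ro_nullfs() {
    awk -v mp="$1" '
        $2 == "on" && $3 == mp {
            opts = $0
            sub(/^[^(]*\(/, "", opts)     # drop everything up to "("
            sub(/\)[^)]*$/, "", opts)     # drop the closing ")"
            n = split(opts, o, ", ")
            ro = 0
            for (i = 2; i <= n; i++) if (o[i] == "read-only") ro = 1
            found = (o[1] == "nullfs" && ro)   # last matching line wins
        }
        END { exit !found }'
}

# Expose directory $1 at $2 (inside the chrooted home), read-only, then verify it.
expose_ro() {
    ensure_nullfs || return 1
    mkdir -p "$2" && mount_nullfs -o ro "$1" "$2" || return 1
    mount | is_ro_nullfs "$2"
}

# Usage on the FreeBSD host, as root:
#   expose_ro /usr/local/backups /usr/home/user/backups
```

To keep the mount across reboots, the equivalent `/etc/fstab` entry is `/usr/local/backups /usr/home/user/backups nullfs ro 0 0`, with `nullfs_load="YES"` in `/boot/loader.conf` when the module is not compiled into the kernel.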