vsFTPd: chroot and symlinks

APseudoUtopia

#1
Hey. I've recently found out that when vsFTPd is set to chroot users, symlinks that point to outside the user's home dir don't work. For example, a symlink in /home/user/backups, which points to /code/backups, does not work. As in, vsFTPd will give a "permission denied" when trying to follow the symlink.

I've googled this, and found out that, in Linux, a way to get around this issue is to run something like:
"mount --bind /code/backups /home/user/backups"

Is there anything similar to this --bind switch in mount for FreeBSD? I really want to restrict the FTP users to their home dir, but I also really want them to be able to access the backups. And, unfortunately, I'm unable to switch to a different FTP daemon due to politics ;-)

Thanks for any suggestions.

EDIT: Now that I think about it, I could always run vsFTPd from within a jail somehow, which will allow me to remove the chroot restriction. I have no experience with jails though.
 

APseudoUtopia

#3
I read the manpage and it seemed like it would work; however, I'm getting the following error:

Code:
# mkdir /usr/home/user/backups
# mount_nullfs -o ro /usr/local/backups /usr/home/user/backups
mount_nullfs: Operation not supported by device
# mount_nullfs /usr/local/backups /usr/home/user/backups
mount_nullfs: Operation not supported by device

I'm not using any odd filesystem setups, but I am running a custom kernel. Maybe the lack of a kernel option is causing the error? Anyway, here's the output of 'mount', in case it helps:

Code:
/dev/ad0s1a on / (ufs, local, noatime)
devfs on /dev (devfs, local)
/dev/ad0s1e on /tmp (ufs, local, noatime, noexec, nosuid, soft-updates)
/dev/ad0s1f on /usr (ufs, local, noatime, soft-updates)
/dev/ad0s1d on /var (ufs, local, noatime, nosuid, soft-updates)

Thanks a lot :D
 

cajunman4life

#4
I can tell you the reason why it doesn't work, but I can't help you on a work-around.

It doesn't work because it's not supposed to. The user is chrooted, and following a symlink outside that chroot would defeat the purpose of being chrooted.
 

oversize

#5
You could use hardlinks too.
But as hardlinks won't link to a directory, you probably don't want that.
 

danger@

#6
Do you have a custom kernel?
You need either

Code:
options NULLFS
in your kernel configuration file, or load the kernel module.

Check the man page for more information. Unfortunately it's not yet in -STABLE branches... That reminds me that I should MFC it :)
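
The points made in this thread, put together as an added example (not code from any poster, vsFTPd or FreeBSD): a POSIX sh script that finds directory symlinks under a chrooted home that resolve outside it, and prints a read-only nullfs fstab entry to replace each one. The function names are hypothetical, and the output assumes paths without whitespace.

```shell
#!/bin/sh
# Added example (hypothetical helper names). A symlink that leaves the user's
# home cannot be followed once vsFTPd has chrooted the session; a read-only
# nullfs mount at the same path exposes only that one directory instead.
# Before mounting, make sure nullfs is available:
#   kldstat -q -m nullfs || kldload nullfs
#   (or build the kernel with "options NULLFS")

TAB=$(printf '\t')

# escaping_links HOME
# Print "link<TAB>resolved-target" for every symlink under HOME that points
# to a directory outside HOME. Dangling links and links to files are skipped.
escaping_links() {
    home=$(cd "$1" && pwd -P) || return 1
    find "$home" -type l | while IFS= read -r link; do
        # cd + pwd -P resolves the whole chain of links to a physical path.
        target=$(cd "$link" 2>/dev/null && pwd -P) || continue
        case $target/ in
            "$home"/*) ;;   # resolves inside the home: fine under chroot
            *) printf '%s\t%s\n' "$link" "$target" ;;
        esac
    done
}

# nullfs_fstab HOME
# Print one read-only fstab(5) entry per escaping link. The mount point is
# the link's own path, so remove the symlink and mkdir that path first.
# Assumption: no whitespace in paths (fstab would need it escaped).
nullfs_fstab() {
    escaping_links "$1" | while IFS="$TAB" read -r link target; do
        printf '%s\t%s\tnullfs\tro\t0\t0\n' "$target" "$link"
    done
}

# Usage: sh nullfs-audit.sh /usr/home/user   (no output without an argument)
if [ "$#" -gt 0 ]; then
    nullfs_fstab "$1"
fi
```

Review each printed entry before adding it to /etc/fstab: every mount makes the target directory reachable from inside the chroot, which is why the entries are generated with `ro`.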
 