proftpd chroot with mount --bind /source_dir/ /dest_dir/

To: "debian-isp@lists.debian.org" <debian-isp@lists.debian.org>
Cc: Josh Bonnett <nodus@brave.cs.uml.edu>
Subject: proftpd chroot with mount --bind /source_dir/ /dest_dir/
From: Dan MacNeil <omacneil@brave.cs.uml.edu>
Date: Sat, 31 Jul 2004 22:07:27 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.58.0407312154430.4353@brave.cs.uml.edu>
In-reply-to: <1079725713.30503.2.camel@redbull.qnetp.net>
References: <405A8830.70905@v5.be> <1079725713.30503.2.camel@redbull.qnetp.net>

We don't have per domain accounts we have user accounts with access to
web files for various domains.

We're looking to chroot user's ftp sessions to their home directory. with
a "site" sub directory.

something like:

	/ 		== /home/people/user
	/sites  	== /home/sites/
	/sites/site_01	== /home/sites/site_01
	/sites/site_01	== /home/sites/site_02


chrooting breaks symbolic links

The (pretty good) faq at the proftpd site suggests using the

mount --bind /source_dir /dest_dir_01
mount --bind /source_dir /dest_dir_02

feature which is available in 2.4 and greater kernels.

I'm mildly concerned about how hundreds or thousands of these mounts will
effect stability.

I'm even more curious about implementation details from people that have
done this.

Everyone that has access to a site's files is in a group named after the
site.

btw, despite not making  entries in fstab, the (3) mount --bind
commands I did survived a reboot, which is curious.

Reply to:

Prev by Date: recent php security update
Previous by thread: recent php security update
Index(es):
- Date
- Thread