Hi,
As a server admin, I've recently made a huge mistake and removed user data inadvertently. The mistake happened because of the way that I have my filesystem setup. The OS is FC4, and the environment is multiuser and educational. To ease access to data on the server, we've approached the system build with multiple groups and users, with shared write access to many resources that are needed for class. With the idea of moving toward a fully chroot jailed environment, I had to consider access to files in areas like /var. For example, the use of darcs repositories. I created a directory /var/www/darcs, and granted write permission to the darcs group. To allow chrooting, I then mounted that directory into the user's home directories:

This works quite well, and allows me to prevent the use of sym links, making ftp maintenance easier etc. Unfortunately, what I didn't consider was how I normally go about removing old user directories. My normal process of doing this is:

Well, because of my filesystem structure, and the fact that the /var/www/darcs directory is directly mounted in the user's home directory, the rm -rf [user] command decended into each directory within the users home directory, including the /var/www/darcs directory, and now, I have destroyed that data. I don't believe that data was production yet, but the professor spent time getting those areas setup for the students to use.

So, what's my question? Well, thinking of chroot jails, vsftp not allowing symlinks, and many other problems associated to symlinks, how would you suggest I setup the system to allow full chroot jails, and also access to shared locations of the filesystem, protecting them from stupid mistakes like mine?

Thanks for any and all suggestions!
Mike.

Keep doing what you are doing - except chown the shared portions of the filesystem to a system user account and group that is not in use anywhere else on the system. Then, using chmod, set the sticky bit recursively so that noone other than the files owner can change/delete them.

Your other option would be to NFS export the shared dir's RO, and mount them within the chroot jail.

is the sticky bit applicable to root though? I did the rm -rf as root. Thanks for the advice, I will do that to protect against the other users, and I'm working on scripts to handle deleting users to avoid forgetting to unmount etc.

Thanks!
Mike.

Thanks for your advice on this, and for confirming that the way I am going about the filesystem structure is okay. I also spoke with a co-worker, and he suggested that a safer way of doing a recursive rm would be to use the find command which you can then limit to specific uid/gid, tell it not to leave the current filesystem, only go a certain depth to avoid removing all directories etc. I thought I'd share this incase anybody was following the thread and interested in other ways of safely rm -rf'ing. Thanks again!

Mike.