I started this question on http://www.linuxquestions.org/questi...ry-4175503084/, but was a little scattered on the requirements, and would like to start over.
I am trying to restrict a given user to sftp access for a given sub-directory. I have a couple of non-root users which must have access to the sub-directory's parent directories. This prevents the normal solution to chroot/jail the user to a given directory as the parent directories must be only available to root, else it will result in a "Write failed: Broken pipe" error.
As a workaround, I moved the sub-directory to a new directory (/home/public/). I then jailed the user in /home/public/ doing something like the following:
Code:
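# /etc/ssh/sshd_config
Subsystem sftp internal-sftp
# Applies only to members of the "jailed" group
Match Group jailed
    ChrootDirectory /home/public
    ForceCommand internal-sftp
    AllowTcpForwarding no

# Shell commands, run as root
# The chroot directory must be owned by root and not writable by group/other
mkdir /home/public
chown root:root /home/public
chmod 0755 /home/public
# No home directory creation (-M), no user private group (-N), no login shell
useradd -M -N -s /bin/false -d /home/public Bert
usermod -G jailed Bert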
But now I need to put the directory back in its original location. To do so, I was going to mount it, and not use a symbolic link, because I have Git version control on the sub-directory's parent directory, and Git will only track the symbolic link as a file and not track its content.
Reading the man page, it looks like mount's --bind leaves it in both locations (am I correct?), so I tried the following, and it seemed to work.
Code:
mount --bind /home/public/mySubDirectory /var/www/application/mySubDirectory
I wanted the mount to automatically occur on boot, so I added the following to my /etc/fstab file:
Code:
/home/public/mySubDirectory /var/www/application/mySubDirectory/ayb_application/lib none bind
It seems to me that this should have been simpler. Is the way I did this correct? Thank you
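The "Write failed: Broken pipe" error mentioned in the question comes from sshd's rule that every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or other. The script below is an added example, not part of the original post: it walks a candidate chroot path up to / and reports each component that breaks that rule. The function names are hypothetical and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: audit a directory against sshd's ChrootDirectory rule.
# Function names are hypothetical; assumes GNU stat (stat -c).

# check_component DIR UID: succeed only if DIR is owned by UID and is
# not writable by group or other.
check_component() {
    cc_stat=$(stat -c '%u %a' "$1") || return 1
    cc_owner=${cc_stat% *}
    cc_mode=${cc_stat#* }
    cc_rc=0
    if [ "$cc_owner" != "$2" ]; then
        echo "FAIL: $1 is owned by uid $cc_owner, expected $2"
        cc_rc=1
    fi
    # Mask 022 selects the group-write and other-write bits.
    if [ $(( 0$cc_mode & 022 )) -ne 0 ]; then
        echo "FAIL: $1 (mode $cc_mode) is writable by group or other"
        cc_rc=1
    fi
    return "$cc_rc"
}

# check_chroot_path DIR [UID]: check DIR and every parent up to /.
# UID defaults to 0 (root), which is what sshd requires.
check_chroot_path() {
    ccp_dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL: cannot resolve directory $1"
        return 1
    }
    ccp_uid=${2:-0}
    ccp_rc=0
    while :; do
        check_component "$ccp_dir" "$ccp_uid" || ccp_rc=1
        if [ "$ccp_dir" = "/" ]; then break; fi
        ccp_dir=$(dirname "$ccp_dir")
    done
    return "$ccp_rc"
}

# When run as a script: ./check_chroot.sh /home/public
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Run it against the intended ChrootDirectory before restarting sshd. No output and exit status 0 mean the whole path satisfies the rule.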