LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-19-2007, 04:01 PM   #1
blizunt7
Member
 
Registered: Mar 2004
Distribution: Fedora Core 1,2,3, RHEL3,4,5 Ubuntu
Posts: 272

Rep: Reputation: 30
vsftpd and chroot_local_user / issue with linked directory


Hey all,
I have my users when they log in, loggin into:
Code:
/home/ftp/user
Within each user folder is a symbolic link to a directory below the users home:
Code:
/home/ftp/www/user_web
as such:
Code:
[root@ftp1 user]$pwd
/home/ftp/user
[root@ftp1 user]$ls -l
total 4
drwxrwxr-x  3 userguest     userguest     4096 Aug 19 14:53 client_ftp
lrwxrwxrwx  1 user user   23 Aug 19 15:40 user_web -> ../www/user_web/
I add in vsftpd.conf the directive:
Code:
chroot_local_user=YES
so that users cant "cd" to higher directories, and see the contents of other directories. HOWEVER when i did this, the directory that i have an a symbolic link failed to work, as it is a directory level higher.

What can I do to prevent users from seeing directories higher "cd ..", but at the same time, allow access to a SINGLE directory via the link??

THanks so much!
 
Old 08-19-2007, 05:01 PM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

It's a short answer: You can't.

If a user is chroot'ed, then they can only see files below the jail directory. Links which point outside the jail won't be traversable.

It might be easier to reverse the link, so that the content exists in the jail, and is linked to from outside.

Dave
 
Old 08-19-2007, 05:10 PM   #3
blizunt7
Member
 
Registered: Mar 2004
Distribution: Fedora Core 1,2,3, RHEL3,4,5 Ubuntu
Posts: 272

Original Poster
Rep: Reputation: 30
I was afraid of that.

Thanks
 
Old 08-20-2007, 12:18 PM   #4
jeenam
Member
 
Registered: Dec 2006
Distribution: Slackware 11
Posts: 144

Rep: Reputation: 15
There are two ways to work around your problem.

1) Use aufs to create a 'union' mount (http://aufs.sourceforge.net/)

2) Use a 'bind' mount (http://aplawrence.com/Linux/mount_bind.html)

Personally I use an aufs implementation, though bind mounting should work. aufs allows filesystems to be overlayed on top of one another which is an easy way to combine the contents of multiple directories into one single directory. 'bind' mounting simply allows a directory to be mounted at another location in the filesystem.

Both will work to accomodate your jail scenario.

::There is hope::
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftpd.conf/chroot/vsftpd.chroot_list issue Jerman Linux - Security 2 06-01-2007 08:24 PM
vsftpd - chroot_local_user=YES is not working madmike_5150 Ubuntu 9 05-24-2007 01:22 AM
konquerror error: you have linked konq to inode/directory ... Tarzan-81 Linux - Software 5 01-13-2006 06:04 AM
vsftpd "chroot_local_user=YES" not working gagda1 Linux - Networking 3 05-12-2004 09:02 PM
How to unlink a directory that is not linked? J_Szucs Linux - Newbie 5 01-09-2003 11:58 PM


All times are GMT -5. The time now is 05:09 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration