LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   vsftpd chroot, want to allow a directory from elsewhere (http://www.linuxquestions.org/questions/linux-security-4/vsftpd-chroot-want-to-allow-a-directory-from-elsewhere-562183/)

60s TV Batman 06-16-2007 01:47 AM

vsftpd chroot, want to allow a directory from elsewhere
 
I have an FTP user set up that is chroot'd to his own directory. This is set up in vsftpd. The user has no shell (/dev/null), so no ssh access, but does have a home directory (/home/ftp/user/)

This is all working just fine.

But I'd like to also give the user access to his own web directory (e.g. /var/www/html/user/).

I created a symbolic link from within the user's own FTP directory (/home/ftp/user/symboliclink). The link shows up in FTP, but can't be clicked on (no doubt due to chroot).

Is there a way to make an exception for the symbolic link?

Specifically, the user should be able to access the /var/www/html/user/ directory via the symbolic link.

The user should not be able to see everything below his own html/user/ directory, but nothing above it.

p_s_shah 06-16-2007 04:36 AM

Why dont you change user's home directory from /home/ftp/user to /var/www/html/user instead of creating symbolic link ?

60s TV Batman 06-16-2007 04:39 AM

Quote:

Originally Posted by p_s_shah
Why dont you change user's home directory from /home/ftp/user to /var/www/html/user instead of creating symbolic link ?

Because this user needs to be able to download database backups, and I don't want those files online

Gethyn 06-16-2007 08:37 AM

What about creating an html directory inside the user's home directory, and then making a symbolic link to that inside the www directory?

60s TV Batman 06-16-2007 08:43 AM

Quote:

Originally Posted by Gethyn
What about creating an html directory inside the user's home directory, and then making a symbolic link to that inside the www directory?

Nice idea.

Tried it, and ran into the same problem with the files in my includes directory. These are in a different tree to apache's root.

I don't want my generic includes directory inside this client's FTP tree.

Hmmmm....

Gethyn 06-16-2007 08:59 AM

Okay, that's the setup I use on my server. If you're using apache, You may need to add "Options FollowSymLinks" in suitable places in your httpd.conf.


All times are GMT -5. The time now is 01:56 AM.