Hi.
I have a webserver (sausage) which mounts the bulk of its storage from a fileserver (pudding). At the moment, on sausage, I mount /mnt/data -> //pudding/data then also on sausage, bind mount /srv to /mnt/data/srv. However, I can't get the mounts set up such that when a web user SSHes into a chroot jail located under /srv/www/clients/clientx/weby (using jailkit) they still have adequate permissions.
The issue is I can't find a way to mount it such that it doesn't force a single UID/GID across all of /srv. I understand the problem I'm facing is exactly how it's meant to work - it's a security feature.
In its current state, a user can connect, browse and edit files they own, yet if they try and create a new file, it creates a 0 byte file with root:root owner (as that's the GID/UID of the lowest level mount). Since the file is not owned by the user, they can't edit or write to the file. If I chown the new file over to the user, they can edit it fine after that, just not create them.
Ideally I'd like the user to be able to install and use PHP scripts such as composer, but trying to do that at the moment doesn't work, because extracting the files fails in the same way (e.g. lots of errors and 0B files).
The ideal solution would be to individually mount each of the users' directories and set gid/uid like that. However, each user has 4 directories they need, and there is a limit of 255 mount points for a single file system (as discussed here:
http://serverfault.com/questions/464...any-nfs-mounts)
Currently the mount is a CIFS mount, but I've tried it with NFS also and can't figure it out.
It's similar to the issue described here:
http://www.linuxquestions.org/questi...er-4175464867/
Except I'm more flexible (as in I'm not restricted to Samba) yet have the extra restriction of using jailkit (e.g. post #2 in that thread suggests something including chmod 777 which jailkit won't allow - "not a secure chroot").
Thanks in advance.