I'm currently sing ProFTPd with mount points to "emulate" dir sym links. However, the problem is, what to do when you have file symlinks? I could hard link them, but this means replacing all of my symlinks, which is a giant PITA. So, is there a different FTP server that I could install instead which can resolve symlinks?
Asked
Active
Viewed 1,770 times
3
-
FYI, after running across this question, I opened a ProFTPD [feature request](http://bugs.proftpd.org/show_bug.cgi?id=4219) to handle this situation better. Cheers! – Castaglia Jan 21 '16 at 00:02
2 Answers
4
I don't think that there is a FTP daemon which can circumvent the chroot(2) syscall. And if there was such a daemon, I wouldn't use it because it opens a lot of security holes.
What's the point chrooting the users anyway if you want them to access the whole file system (through manipulated symbolic links)?
joschi
- 20,747
- 3
- 46
- 50
-
Yeah I guess if they could manipulate the symlinks then it'd be a big security hole. Could you suggest any work-arounds, other than hard links? – Nick Bolton Jul 11 '10 at 20:39
-
Depending on your actual file system layout and which files/directories you want to make available in the `chroot` environment you might have success with an overlay file system like AUFS (http://aufs.sourceforge.net/). – joschi Jul 12 '10 at 05:19
0
If you can organize the set of files to be shared to be on the same filesystem then you could do the following: create a directory, create hard links to each of the files you want to share in that directory, bind mount that directory somewhere into the chroot' jail's view of the filesystem. For files on a different filesystem simply repeat the above process. This does have the disadvantage of an extra step but that is the price of hard links. Once the files are visible to your chrooted FTP server then you can create symlinks to prettify things.
This is independent of the FTP server used. Every FTP server out there relies absolutely on the filesystem layer for file management. If there is one that doesn't, I'd recommend staying away from it.
Allen
- 1,315
- 7
- 12