28

I'm trying to set up sftp so that a few trusted people can access/edit/create some files. I have jailed a user into their home directory (/home/name) but have run into a problem. I want for them to also be able to access other parts of the VPS because it is also a game server, webhost, etc, and I want for them to be able to have full control of files outside their jailed directory.

I tried making a symlink (ln -s) to the desired directory but it does not work, as expected. I tried (cp -rl) to the files that I wanted to give access and it worked -- they can edit the files in their directory and it changes the one stored outside of jail. BUT they cannot create new files (they can but it won't update outside of jail). I know I'm probably not doing this the "right way" but what can I do to do what I want?

dukevin

1 Answer

51

Symlinks are purely symbolic: they contain nothing but a path, so when you open a symlink, the OS reads the path and uses that instead. In a chroot environment, links (especially ones with absolute paths) typically don't point to the same place they pointed to in the normal environment.

If the server OS is Linux, your best bet is to bind-mount the entire directory somewhere inside the chroot directory. When using this, it's important to remember that this is not a copy of the directory: anything deleted here will be removed from the other directory (important if the user can `mv` files or `rm -rf`). To do this:

```
mount --bind /some/directory /somewhere/else
```

The files in the directory ought to be real files. Symlinks here will probably have the same problems you have trying to link to the files in the first place.

DerfK
  • Thanks for your answer. Can you please explain or point me to a tutorial on how I can get this to work? I have ssh disabled for the guests so they only have sftp access. What file do I put this command? – dukevin Oct 20 '12 at 02:59
  • Though it is not widely advisable, you could create directory hardlinks as well, which would be simpler, but only if all the files are on the same device. – Falcon Momot Oct 20 '12 at 07:05
  • What's the command for that? – dukevin Oct 20 '12 at 08:14
  • @KevinDuke This isn't something the users can do themselves, only root can use `mount` this way. There may be a way to specify it in `/etc/fstab` so it's done automatically on boot but I'm not sure how – DerfK Oct 20 '12 at 13:14
  • 1
    Thank you. I read some tutorials and figured it out. Your answer really helped point me in the right direction. Thanks! For those who want to know, these helped: http://aplawrence.com/Linux/mount_bind.html http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mount-unmount.html http://www.redbottledesign.com/mirroring-files-different-places-links-bind-mounts-and-bindfs-0 – dukevin Oct 20 '12 at 16:25
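
One way to make the bind mount from the answer persistent across reboots while checking that its mount point really sits inside the jail, as an added example that is not part of the original answer or comments. The function names and the mount point `/home/name/shared` are assumptions; the script is Linux-only and `bind_into_chroot` must run as root.

```shell
#!/bin/sh
# Added example, not from the original thread. Paths are placeholders.

# True only if $2 is a path strictly below chroot $1 with no ".." parts,
# so the mount point is reachable from inside the jail.
inside_chroot() {
    jail=${1%/}
    case $2 in
        */..|*/../*) return 1 ;;
        "$jail"/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# fstab separates fields with whitespace; spaces in paths become \040.
fstab_escape() {
    printf '%s' "$1" | sed 's/ /\\040/g'
}

# Print the /etc/fstab line that recreates the bind mount at boot.
fstab_bind_line() {
    printf '%s %s none bind 0 0\n' "$(fstab_escape "$1")" "$(fstab_escape "$2")"
}

# Must run as root: bind SRC onto DST inside CHROOT and persist it.
bind_into_chroot() {
    root_dir=$1 src=$2 dst=$3
    inside_chroot "$root_dir" "$dst" ||
        { echo "refusing: $dst is not inside $root_dir" >&2; return 1; }
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }
    mkdir -p "$dst"
    # Skip the mount if something is already mounted there.
    mountpoint -q "$dst" || mount --bind "$src" "$dst"
    line=$(fstab_bind_line "$src" "$dst")
    # Append the fstab entry only once.
    grep -qxF "$line" /etc/fstab || printf '%s\n' "$line" >> /etc/fstab
}

# Usage (as root): sh bind.sh --apply /home/name /some/directory /home/name/shared
if [ "${1:-}" = "--apply" ]; then
    bind_into_chroot "$2" "$3" "$4"
fi
```

The jailed account still needs ordinary file permissions on `/some/directory`; the bind mount only makes that path visible inside the jail.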