Re: Re: chroot & mount --bind = security ?
From: Scott Gifford (sgifford_at_suspectclass.com)
Date: Fri, 9 Apr 2004 17:21:44 -0400
To: Marius Huse Jacobsen <email@example.com>
Marius Huse Jacobsen <firstname.lastname@example.org> writes:
> Hello link,
> Tuesday, April 6, 2004, 8:28:01 PM, you wrote:
> >> I would like to do like this :
> >> - A folder /var/www which contains my html documents
> >> - mount --bind /var/www /chroot/httpd/var/www to allow the web server to access them
> >> - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp server to update them
> l> This is how I do it for my chroot'd ftp server, since 'ln -s' obviously
> How about 'ln' ?
> Presuming they are on the same mount point and media, a "hard link"
> shouldn't be a problem.
> I've never seen hard links being "not recommended" - perhaps except
> when symlinks could do the job.
Most filesystems I've used are intolerant of hardlinks between
[sgifford@sghome sgifford]$ ln tmp tmp2
ln: `tmp': hard link not allowed for directory
The manpage on Linux says you can hardlink directories if you're
superuser, although I couldn't get the flags to work. On Solaris I've
created hardlinked directories before, but fsck destroyed them
whenever it ran, and I eventually used a solution much like the OP's.
IIRC, the manpage said directory hardlinks weren't recommended to
"prevent your directory tree from becoming an arbitrary mishmash."
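
Added example, not part of the original message: a shell sketch that reproduces the refused directory hard link and, going beyond the thread, shows that per-file hard links into a chroot stop tracking the original once an updater replaces a file by rename, which a bind mount of the directory does not suffer from. The function names are hypothetical, and the /var/www and /chroot/httpd paths are constructed inside a temporary directory that mirrors the layout in the question.

```shell
#!/bin/sh
# Added example (not from the thread). Everything runs in a throwaway
# temp directory on one filesystem; no root is needed.

inode() { ls -di "$1" | awk '{print $1}'; }

# Returns 0 if the system refuses to hard-link a directory.
dir_hardlink_refused() {
    w=$(mktemp -d) || return 2
    mkdir "$w/www"
    if ln "$w/www" "$w/www2" 2>/dev/null; then rc=1; else rc=0; fi
    rm -rf "$w"
    return $rc
}

# Prints "shared" if the hard-linked copy inside the constructed chroot
# still sees an update made through the original path, "stale" if not.
#   $1 = inplace : overwrite the existing file (inode is kept)
#   $1 = rename  : write a new file, then rename it over the old one
link_after_update() {
    w=$(mktemp -d) || return 2
    src="$w/var/www/index.html"
    jail="$w/chroot/httpd/var/www/index.html"
    mkdir -p "$w/var/www" "$w/chroot/httpd/var/www"
    echo v1 > "$src"
    ln "$src" "$jail"                 # per-file hard link: allowed
    case $1 in
        inplace) echo v2 > "$src" ;;
        rename)  echo v2 > "$w/var/www/.new"
                 mv "$w/var/www/.new" "$src" ;;
    esac
    if [ "$(inode "$src")" = "$(inode "$jail")" ] &&
       [ "$(cat "$jail")" = v2 ]; then
        echo shared
    else
        echo stale                    # chroot copy still serves v1
    fi
    rm -rf "$w"
}

dir_hardlink_refused && echo "directory hard link: refused"
echo "in-place overwrite: $(link_after_update inplace)"
echo "rename-over update: $(link_after_update rename)"
```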