Re: Re[2]: chroot & mount --bind = security ?

From: Scott Gifford (sgifford_at_suspectclass.com)
Date: 04/09/04

  • Next message: Sam Baskinger: "Re: chroot & mount --bind = security ?"
    Date: Fri, 9 Apr 2004 17:21:44 -0400
    To: Marius Huse Jacobsen <mahuja@c2i.net>
    
    

    Marius Huse Jacobsen <mahuja@c2i.net> writes:

    > Hello link,
    >
    > Tuesday, April 6, 2004, 8:28:01 PM, you wrote:
    >
    > >> I would like to do like this :
    > >>
    > >> - A folder /var/www witch contains my html documents
    > >> - mount --bind /var/www /chroot/httpd/var/www to allow the web server to access them
    > >> - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp server to update them
    >
    > l> This is how I do it for my chroot'd ftp server, since 'ln -s' obviously
    >
    > How about 'ln' ?
    > Presuming they are on the same mount point and media, a "hard link"
    > shouldn't be a problem.
    >
    > I've never seen hard links being "not recommended" - perhaps except
    > when symlinks could do the job.

    Most filesystems I've used are intolerant of hardlinks between
    directories:

        [sgifford@sghome sgifford]$ ln tmp tmp2
        ln: `tmp': hard link not allowed for directory

    The manpage on Linux says you can hardlink directories if you're
    superuser, although I couldn't get the flags to work. On Solaris I've
    created hardlinked directories before, but fsck destroyed them
    whenever it ran, and I eventually used a solution much like the OP's.
    IIRC, the manpage said directory hardlinks weren't recommended to
    "prevent your directory tree from becoming an arbitrary mishmash."

    ----ScottG.


  • Next message: Sam Baskinger: "Re: chroot & mount --bind = security ?"