Re: Re[2]: chroot & mount --bind = security ?

From: Scott Gifford (sgifford_at_suspectclass.com)
Date: 04/09/04

  • Next message: Sam Baskinger: "Re: chroot & mount --bind = security ?"
    Date: Fri, 9 Apr 2004 17:21:44 -0400
    To: Marius Huse Jacobsen <mahuja@c2i.net>
    
    

    Marius Huse Jacobsen <mahuja@c2i.net> writes:

    > Hello link,
    >
    > Tuesday, April 6, 2004, 8:28:01 PM, you wrote:
    >
    > >> I would like to do like this :
    > >>
    > >> - A folder /var/www witch contains my html documents
    > >> - mount --bind /var/www /chroot/httpd/var/www to allow the web server to access them
    > >> - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp server to update them
    >
    > l> This is how I do it for my chroot'd ftp server, since 'ln -s' obviously
    >
    > How about 'ln' ?
    > Presuming they are on the same mount point and media, a "hard link"
    > shouldn't be a problem.
    >
    > I've never seen hard links being "not recommended" - perhaps except
    > when symlinks could do the job.

    Most filesystems I've used are intolerant of hardlinks between
    directories:

        [sgifford@sghome sgifford]$ ln tmp tmp2
        ln: `tmp': hard link not allowed for directory

    The manpage on Linux says you can hardlink directories if you're
    superuser, although I couldn't get the flags to work. On Solaris I've
    created hardlinked directories before, but fsck destroyed them
    whenever it ran, and I eventually used a solution much like the OP's.
    IIRC, the manpage said directory hardlinks weren't recommended to
    "prevent your directory tree from becoming an arbitrary mishmash."

    ----ScottG.


  • Next message: Sam Baskinger: "Re: chroot & mount --bind = security ?"

    Relevant Pages

    • Re: Re[2]: chroot & mount --bind = security ?
      ... > Most filesystems I've used are intolerant of hardlinks between ... and Linux doesn't allow hard links to directories (nor do some other ... Linux' linkmanpage says: ...
      (Focus-Linux)
    • Re: undocumented tar --unlink switch
      ... which I don't see mentioned in the tarmanpage. ... happen to know what this does, or do I need to dig into the ... -U Unlink files before creating them. ... With this option, existing hardlinks will be broken, ...
      (freebsd-questions)
    • Re: Finding hardlinks
      ... the kstat.ino field to 64bit and fix those filesystems to fill in ... 160-bit SHA1 hashes as unique object identifiers. ... But Coda only allow hardlinks within a single directory and if someone ...
      (Linux-Kernel)
    • Re: Problem with removing a chroot
      ... I am having a problem removing the remains of a chroot; ... It's not possible to create hardlinks across different filesystems, ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
      (Debian-User)
    • Re: hardlink not working with directories on same file system
      ... > I believe your misreading the man page. ... > The bit about the same filesystem applies to ALL hardlinks, ... I'm not going across filesystems. ... Mark Hobley ...
      (comp.os.linux)