Re: Re: chroot & mount --bind = security ?
From: Glynn Clements (glynn.clements_at_virgin.net)
Date: Mon, 12 Apr 2004 00:14:03 +0100
To: Scott Gifford <firstname.lastname@example.org>
Scott Gifford wrote:
> > >> I would like to do like this :
> > >>
> > >> - A folder /var/www which contains my html documents
> > >> - mount --bind /var/www /chroot/httpd/var/www to allow the web server to access them
> > >> - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp server to update them
> > > This is how I do it for my chroot'd ftp server, since 'ln -s' obviously
> > How about 'ln' ?
> > Presuming they are on the same mount point and media, a "hard link"
> > shouldn't be a problem.
> > I've never seen hard links being "not recommended" - perhaps except
> > when symlinks could do the job.
> Most filesystems I've used are intolerant of hardlinks between
> [sgifford@sghome sgifford]$ ln tmp tmp2
> ln: `tmp': hard link not allowed for directory
> The manpage on Linux says you can hardlink directories if you're
> superuser, although I couldn't get the flags to work.
The "ln" program from GNU fileutils requires that you use an
    -d, -F, --directory
        hard link directories (super-user only)
However, it also requires that the underlying OS allows the operation,
and Linux doesn't allow hard links to directories (nor do some other
Unices, and those that do normally only allow it for root).
Linux' link(2) manpage says:
    EPERM  oldpath is a directory.
-- Glynn Clements <email@example.com>