Re: Re[2]: chroot & mount --bind = security ?

From: Glynn Clements (glynn.clements_at_virgin.net)
Date: 04/12/04

    Date: Mon, 12 Apr 2004 00:14:03 +0100
    To: Scott Gifford <sgifford@suspectclass.com>
    
    

    Scott Gifford wrote:

    > > >> I would like to do like this :
    > > >>
    > > >> - A folder /var/www which contains my html documents
    > > >> - mount --bind /var/www /chroot/httpd/var/www to allow the web server to access them
    > > >> - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp server to update them
    > >
    > > l> This is how I do it for my chroot'd ftp server, since 'ln -s' obviously
    > >
    > > How about 'ln' ?
    > > Presuming they are on the same mount point and media, a "hard link"
    > > shouldn't be a problem.
    > >
    > > I've never seen hard links being "not recommended" - perhaps except
    > > when symlinks could do the job.
    >
    > Most filesystems I've used are intolerant of hardlinks between
    > directories:
    >
    > [sgifford@sghome sgifford]$ ln tmp tmp2
    > ln: `tmp': hard link not allowed for directory
    >
    > The manpage on Linux says you can hardlink directories if you're
    > superuser, although I couldn't get the flags to work.

    The "ln" program from GNU fileutils requires that you use an
    additional switch:

           -d, -F, --directory
                  hard link directories (super-user only)

    However, it also requires that the underlying OS allows the operation,
    and Linux doesn't allow hard links to directories (nor do some other
    Unices, and those that do normally only allow it for root).

    Linux' link(2) manpage says:

           EPERM oldpath is a directory.

    -- 
    Glynn Clements <glynn.clements@virgin.net>
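The kernel-side refusal described in the reply above can be checked directly against link(2). The following C program is an added example, not part of the original thread; it assumes a Linux system with a writable /tmp, and the file and directory names are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a private scratch directory under /tmp (constructed name). */
static int make_scratch(char *buf, size_t len) {
    snprintf(buf, len, "/tmp/hardlink-demo-XXXXXX");
    return mkdtemp(buf) ? 0 : -1;
}

/* Call link(2) on a directory. Returns the errno reported by the kernel,
 * 0 if the call succeeded, or -1 if the scratch setup failed. */
int link_directory_errno(void) {
    char base[64], src[96], dst[96];
    if (make_scratch(base, sizeof base) != 0) return -1;
    snprintf(src, sizeof src, "%s/www", base);
    snprintf(dst, sizeof dst, "%s/www-link", base);
    if (mkdir(src, 0755) != 0) { rmdir(base); return -1; }
    int err = (link(src, dst) == 0) ? 0 : errno;
    rmdir(dst);                 /* only exists if the OS allowed the link */
    rmdir(src); rmdir(base);
    return err;
}

/* Hard-link a regular file. Returns 1 if both names refer to the same
 * inode with a link count of 2, 0 if not, -1 if the scratch setup failed. */
int file_link_shares_inode(void) {
    char base[64], src[96], dst[96];
    struct stat a, b;
    int ok = 0;
    if (make_scratch(base, sizeof base) != 0) return -1;
    snprintf(src, sizeof src, "%s/index.html", base);
    snprintf(dst, sizeof dst, "%s/index-link.html", base);
    int fd = open(src, O_CREAT | O_WRONLY | O_EXCL, 0644);
    if (fd >= 0) {
        close(fd);
        if (link(src, dst) == 0 && stat(src, &a) == 0 && stat(dst, &b) == 0)
            ok = (a.st_dev == b.st_dev && a.st_ino == b.st_ino && a.st_nlink == 2);
    }
    unlink(dst); unlink(src); rmdir(base);
    return ok;
}

int main(void) {
    printf("link(2) on a directory: errno %d (EPERM is %d)\n", link_directory_errno(), EPERM);
    printf("file hard link shares inode: %d\n", file_link_shares_inode());
    return 0;
}
```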
    
