ProFTPD’s "DefaultRoot" directive [1] controls the default root directory assigned to a user upon login: a chroot operation is performed. It depends on the "mod_auth" module.
The special character ’~’ is replaced with the authenticating user’s home directory immediately after login.
DefaultRoot
About "symlink" :
A symbolic link (also referred to as a "symlink") is a file whose contents contain the name of the file to which the symbolic link points.
For example :
lrwxrwxrwx 1 root root 11 Mar 2 2000 rmt -> /sbin/rmt
The file rmt contains the nine characters /sbin/rmt.
The reason symbolic links fail when chroot(2) is used to change the position of the root (/) of the filesystem is that, once / is moved, the pointed-to file path changes.
If, for example, chroot(2) is used to change the filesystem root to /ftp, then the symlink above would actually be pointing to /ftp/sbin/rmt.
Chances are that the link, if chroot(2) is used, now points to a path that does not exist. Symbolic links that point to nonexistent files are known as dangling symbolic links. Note that symbolic links to files underneath the new root, such as symlinks to a file in the same directory :
> pwd
/var/ftp
> ls -l
-rw-r--r-- 1 root root 0 Jan 16 11:50 tmpfile
lrwxrwxrwx 1 root root 7 Jan 16 11:50 tmplink -> tmpfile
will be unaffected; only paths that point outside/above the new root will be affected.
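An added example (not from the original page or the ProFTPD project): a Python audit that resolves every symlink under a prospective DefaultRoot directory the way a chrooted process would see it, and reports the ones that dangle. The function names and the MAX_HOPS cap are assumptions, and the sample tree is constructed to mirror the two listings above.

```python
import os
import tempfile

MAX_HOPS = 40  # assumed cap on chained symlinks, so loops terminate

def _parts(path):
    return [c for c in path.split("/") if c not in ("", ".")]

def resolve_in_chroot(root, path):
    """Resolve `path` as seen after chroot(root); None if dangling."""
    todo, cur, hops = _parts(path), [], 0
    while todo:
        comp = todo.pop(0)
        if comp == "..":
            cur = cur[:-1]  # ".." at the new / stays at /
            continue
        real = os.path.join(root, *cur, comp)
        if os.path.islink(real):
            if (hops := hops + 1) > MAX_HOPS:
                return None  # symlink loop
            target = os.readlink(real)
            if target.startswith("/"):
                cur = []  # absolute targets restart at the NEW root
            todo = _parts(target) + todo
        elif os.path.lexists(real):
            cur.append(comp)
        else:
            return None
    return "/" + "/".join(cur)

def audit_symlinks(root):
    """Map every symlink under `root` to its in-chroot resolution."""
    report = {}
    for dirpath, dirs, files in os.walk(root):
        for full in (os.path.join(dirpath, n) for n in dirs + files):
            if os.path.islink(full):
                link = "/" + os.path.relpath(full, root)
                report[link] = resolve_in_chroot(root, link)
    return report

def demo():  # constructed tree mirroring the two listings above
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "tmpfile"), "w").close()
        os.symlink("tmpfile", os.path.join(root, "tmplink"))
        os.symlink("/sbin/rmt", os.path.join(root, "rmt"))
        return audit_symlinks(root)

if __name__ == "__main__":
    for link, dest in sorted(demo().items()):
        print(link, "->", dest or "DANGLING after chroot")
```

Running audit_symlinks() against a real home directory before enabling DefaultRoot lists the links that will need a different arrangement once the chroot is in place.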
Filesystem Tricks
A typical scenario is one where "DefaultRoot ~" is used to restrict users to their home directories, and where the administrator would like to have a shared upload directory, say /var/ftp/incoming, in each user’s home directory. Symbolic links would normally be used to provide an arrangement like this. As mentioned above, though, when chroot(2) is used (which is what the DefaultRoot directive does), symlinks that point outside the new root (the user’s home directory in this case) will not work. To get around this apparent limitation, it is possible on modern operating systems to mount directories at several locations in the filesystem.
To have an exact duplicate of the /var/ftp/incoming directory available in /home/bob/incoming and /home/dave/incoming, use one of these commands :
* Linux (as of the 2.4.0 kernel):
mount --bind /var/ftp/incoming /home/bob/incoming
mount --bind /var/ftp/incoming /home/dave/incoming
or, alternatively:
mount -o bind /var/ftp/incoming /home/bob/incoming
mount -o bind /var/ftp/incoming /home/dave/incoming
Related link: http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Chroot.html