4

I need to set up some users to access our server. I thought the most secure way to allow them access was to set up a chroot'ed jail for them to log into.

But I need them to access a few select directories that are outside the chroot'ed environment. Apparently I can't use symlinks for this. What is the best approach? Can a chroot'ed environment not be used for this purpose?

Jake Wilson

2 Answers

12

This is a place where a bind mount will do what you want.

Zoredache
  • 6
    A bind mount would likely be the best way out of this hole. "mount -o bind /dir/outside/chroot /dir/inside/chroot". To survive a reboot, add "/dir/outside/chroot /dir/inside/chroot none bind 0 0" to your /etc/fstab file. – Rik Schneider Nov 16 '10 at 03:18
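
The bind-mount approach from the answer and comment above, as an added example that is not part of the original posts: a dry-run planner that validates each path and prints the mount commands and the matching /etc/fstab entry. The jail root /srv/jail, the two sample directories, mirroring each directory at the same path under the jail, and the read-only remount are assumptions of this example.

```shell
#!/bin/sh
# Added example: plan bind mounts of selected directories into a chroot.
# Nothing is mounted; the functions only print what root would run.

# Print the mount point inside the chroot for an outside directory.
# Fails on relative paths, "/", whitespace, or a ".." component, so a
# typo cannot place the mount point outside the jail.
bind_target() {
    chroot_dir=$1 src=$2
    case "$chroot_dir" in /|*[[:space:]]*) return 1 ;; /*) ;; *) return 1 ;; esac
    case "$src" in /|*[[:space:]]*) return 1 ;; /*) ;; *) return 1 ;; esac
    case "$chroot_dir/$src/" in */../*) return 1 ;; esac
    printf '%s%s\n' "${chroot_dir%/}" "${src%/}"
}

# /etc/fstab entry: source (outside) first, mount point (inside) second.
fstab_line() {
    target=$(bind_target "$1" "$2") || return 1
    printf '%s %s none bind 0 0\n' "${2%/}" "$target"
}

# Commands to run as root. With mode "ro" the bind mount is remounted
# read-only, so jailed users can read the directory but not modify it.
mount_cmds() {
    target=$(bind_target "$1" "$2") || return 1
    printf 'mkdir -p %s\n' "$target"
    printf 'mount -o bind %s %s\n' "${2%/}" "$target"
    [ "${3:-rw}" = ro ] && printf 'mount -o remount,bind,ro %s %s\n' "${2%/}" "$target"
    return 0
}

# Constructed sample input: jail root and two directories to expose.
CHROOT=/srv/jail
for dir in /data/projects /var/reports; do
    mount_cmds "$CHROOT" "$dir" ro
    fstab_line "$CHROOT" "$dir"
done
```

The fstab line uses only the "bind" option from the comment above, so after a reboot the mount is read-write unless the remount step is run again.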
2

If it's on the same filesystem and it's individual files, hardlinks will work.

Softlinks will not work: the main purpose of a chroot'ed jail is that users can't get out to access files that aren't inside there.

You can use cp -lr to duplicate a directory tree with each file being a hardlink to the same underlying file, but that won't immediately pick up renames/moves, new files or deletes.

I think @SvenW has the best idea: move the directory into the chroot area and make the current location a symlink to the version inside the chroot.

freiheit
  • I get "Invalid cross-device link". The files are on a different internal hdd. Guess that's not gonna work. – Jake Wilson Nov 15 '10 at 23:52
  • 1
    Maybe you could move the files into the required file system and then maybe use symlinks for other non-chrooted users? – Sven Nov 16 '10 at 00:53