0

I run a game server and I have a few people that I want to give access too the server to help develop. I am trying to let them have access to only these directories

/var/www/Update
/root/gamed/config

Each user will be placed under a group called devs with the home directory at /home/username and in the sshd_config I have the following for that group

Match group devs
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no

I tried to create a symbolic link to /var/www/Update, but when I logged in as a user under the devs group it didn't work.

tomirons
  • 103
  • 2

1 Answers1

3

You can try mounting the folder as a BIND in the users' home directories.

For user foo:

# mkdir -p /home/foo/Update /home/foo/GameConfig
# mount --bind /var/www/Update/ /home/foo/Update
# mount --bind /root/gamed/config /home/foo/GameConfig

And in your /etc/fstab, you can add

/var/www/Update /home/foo/Update           bind    defaults,bind 0 0
/root/gamed/config /home/foo/GameConfig    bind    defaults,bind 0 0

to mount at boot.

These should be more flexible than symlinks, especially when using chroot. Just make sure you have your permissions in order. You will need to do this once for each user, of course.

Refs:

http://docs.1h.com/Bind_mounts

https://fermilinux.fnal.gov/documentation/tips/mount-bind-chroot

Chris
  • 248
  • 1
  • 2
  • 9
  • That seems to be working great, now may I ask what exactly does `mount --bind` do? Does it copy the files or what? – tomirons Jul 15 '14 at 18:50
  • No; it merely makes the directory available _directly_ from another path, whereas symlinks act more like redirects. So with bind, two paths different will point to the same directory/data, but the filesystem thinks both of them are real. See http://docs.1h.com/Bind_mounts or https://fermilinux.fnal.gov/documentation/tips/mount-bind-chroot – Chris Jul 15 '14 at 18:58
  • @Hulu8004 If this solution worked for you, please mark it as such. Thank you. – Chris Jul 16 '14 at 15:46