Problem with symbolic links in FTP client


Solution 1

A symbolic link is a pointer to the "right" file. But if that original file is outside the jail then you can't access it. This is the goal of a jail. Otherwise a normal user could create a symbolic link in the jail to /etc/passwd and just read it. What a security risk!

So jailed is jailed. Probably a hard link will do the job, as this is a "copy without duplicating the used size". And for the FTP server it is like a normal file (with all the problems).

Solution 2

You can use the bind option of mount to remount the other folder so the FTP server sees the files as being within the root of the website.

You could mount /home/shared/files/ under /home/website/files/ like this.

Create a mount point (a directory) in /home/website:

mkdir /home/website/files/

Mount the other directory under this mount point:

mount --bind /home/shared/files /home/website/files/

It will now appear that those files are actually under /home/website/ so will be available even if you restrict the user to this website root directory....

Taken from here:

Setup symbolic link where users can access it with FTP

Solution 3

You should use something like mount --bind


Author: Falcata

Updated on September 18, 2022

Comments

  • Falcata
    Falcata almost 2 years

    I've recently run into some problems while trying to set up an FTP server a certain way. I have a client who has a LOT of data put into one folder. The client then has various directories by which the data is organized. At the end (of the "directory filter") they have a symbolic link that points to a file in the massive data folder. E.g.

    /lab/directory1/type2/data/owner/lab/bla/bla/file---->/lab/data/filexyz
    

    In order to replicate and set up an "FTP" server, I simply created a directory called /lab/data/ and copied all the data on there. I then just copied the symbolic link folder structure.

    I then set up vsftpd, created a local user with a false bin and set that user's home directory to /lab. The problem I run into is that when I have chroot_local_user=YES enabled in the config file, the user is unable to get the file; the server gives 550 Failed to open file. Why is this the case? The symbolic link is pointing to a file that is in their home directory. However, when I have chroot_local_user=NO the user is able to download the files seamlessly. Is there a way to enable the user to get files via symbolic links that are in their home directory while being chroot jailed?

    I've been scratching my head over this. Thanks!

  • Falcata
    Falcata almost 13 years
    But here is the thing, the symbolic link is inside the home directory of the user. I cannot create hard links because the files are not on the same file system. They are on EBS volumes in Amazon mounted on a folder inside the user's home directory.
  • mailq
    mailq almost 13 years
    The symbolic link itself is the problem. Not the target of the symbolic link. So probably this is why it is called vsftpd (very secure ...). You could try ProFTPd which is able to follow symlinks.
  • Falcata
    Falcata almost 13 years
    Thanks for the reply mailq. I'm looking into ProFTPD right now. Is there no way to make it work with vsftpd?
  • mailq
    mailq almost 13 years
    No way with symlinks. Use hard links, no jail or the method mentioned by @Eno.
  • Falcata
    Falcata almost 13 years
    I keep on bugging you :(. So I tried using ProFTPD and I followed the tutorial here: proftpd.org/docs/howto/Chroot.html. I cannot see the symbolic link. E.g.: I want to create a link to /lab/data/009.txt in the folder /lab/somefilter/filter1/test/ by the name of thisfile.txt, so /lab/somefilter/filter1/test/thisfile.txt ---> /lab/data/009.txt. This does not seem to work. Any thoughts? Thanks :)
  • Castaglia
    Castaglia over 8 years
    ProFTPD should now handle these situations much better; see Bug#4219. Assuming, of course, that your symbolic links point to other files within the chroot.
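
Added example (not from the thread and not code from either FTP server): Solution 1 and the last comment both hinge on whether a link's target lies inside the chroot. This Python check walks the directory that will become the jail and reports, for each symlink, whether it reaches an existing file when that directory is the process root and when it is not. The function names and the tree built by `demo()` are constructed for illustration; the resolution rules are the ordinary ones (an absolute target restarts at the root, `..` never climbs above it).

```python
import os
import tempfile

def resolve_in_jail(jail, path):
    """Real location that `path` (as seen inside the jail) leads to when `jail` is the root."""
    todo, done, hops = path.split("/"), [], 0
    while todo:
        part = todo.pop(0)
        if part in ("", "."):
            continue
        if part == "..":
            done = done[:-1]         # '..' at the jail root stays at the root
            continue
        here = os.path.join(jail, *done, part)
        if not os.path.islink(here):
            done.append(part)
            continue
        hops += 1
        if hops > 40:                # same idea as the kernel's ELOOP guard
            raise OSError("too many levels of symbolic links")
        target = os.readlink(here)
        if target.startswith("/"):
            done = []                # absolute target restarts at the jail root
        todo = target.split("/") + todo
    return os.path.join(jail, *done)

def audit(jail):
    """Return sorted (link, works_inside_jail, works_without_jail) tuples."""
    report = []
    for dirpath, dirnames, filenames in os.walk(jail):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                inside = "/" + os.path.relpath(full, jail)
                jailed = os.path.exists(resolve_in_jail(jail, inside))
                report.append((inside, jailed, os.path.exists(full)))
    return sorted(report)

def demo():
    """Constructed tree: lab/ plays the chroot, data/filexyz is the real file."""
    jail = os.path.join(tempfile.mkdtemp(), "lab")
    os.makedirs(os.path.join(jail, "data"))
    os.makedirs(os.path.join(jail, "directory1"))
    open(os.path.join(jail, "data", "filexyz"), "w").close()
    links = {"host_abs": os.path.join(jail, "data", "filexyz"),  # full host path
             "relative": "../data/filexyz",                      # relative to the link
             "jail_abs": "/data/filexyz"}                        # absolute from jail root
    for name, target in links.items():
        os.symlink(target, os.path.join(jail, "directory1", name))
    return audit(jail)
```

Call `audit()` on the directory the FTP user is chrooted to. A row that reads `False, True` is a link that downloads with the jail off and fails with it on.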