Chroot Mount Trick

Symlinks and Chroot()
How to add more directories to a chrooted / jailed account.
So you have an ftp server running, and you allow access to bob.
He has been locked down (chroot'ed) to a certain directory and is not allowed system-wide access to anywhere else.

All good.

But what if you want him to access another directory outside his chrooted directory!?!?!
The first thing on your mind is: let's make a symlink to the files/directory like we do every day. The ftp server won't read the same

A quick rundown example:
Bob is chrooted down to /home/bob/; over ftp he can't change to any directory other than what's contained in /home/bob/.

Bob has asked for access to /home/sandy/pictures/porn/ (just a good example to keep you awake). Making a symlink:

ln -s /home/sandy/pictures/porn /home/bob/porn

will work on the filesystem, but when bob tries to access the files by ftp, the ftp server will just deny him access or flick him back to his home root.

Why would the ftp server do that?
When you chroot bob's ftp account, you're making the directory you set his root:
To bob, his ftp root location is /
To the real file system, his location is /home/bob/

So if we link a real file system directory like /home/sandy/pictures/porn into bob's chrooted location /, the ftp server will read the link target as /home/bob/home/sandy/pictures/porn. The directory exists in the real filesystem but doesn't exist inside bob's ftp chrooted directory.

Hope you get what I mean.
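
The path arithmetic above, as an added example that is not part of the original post: it rebuilds the layout under a scratch directory (no root or real chroot needed) and computes where a process jailed in bob's home ends up when it follows the link. It goes one step beyond the post by also modelling a relative link, which fails too because ".." cannot climb above the jail root; the function names and the porn-rel link are assumptions made for the illustration.

```sh
#!/bin/sh
# Added illustration (not from the original post). Models how a symlink inside
# a chroot jail is resolved, using a scratch tree so no root is needed.

# jail_norm PATH: normalise an in-jail path; ".." at the jail root stays put.
jail_norm() {
    out=
    old_ifs=$IFS; IFS=/
    set -f                          # no globbing while splitting on "/"
    for part in $1; do
        case $part in
            ''|.) ;;
            ..)   out=${out%/*} ;;  # already empty at the root, so it stays there
            *)    out="$out/$part" ;;
        esac
    done
    set +f; IFS=$old_ifs
    printf '%s\n' "${out:-/}"
}

# jail_target JAIL LINK: LINK is the symlink's path as seen inside the jail.
# Prints the host path the jailed process lands on; status 0 if it exists.
# Follows one link only; links inside the result are not resolved further.
jail_target() {
    jail=${1%/}
    target=$(readlink "$jail$2") || return 2
    case $target in
        /*) inside=$(jail_norm "$target") ;;                  # "/" is the jail root
        *)  inside=$(jail_norm "$(dirname "$2")/$target") ;;  # relative to the link
    esac
    printf '%s\n' "$jail$inside"
    [ -e "$jail$inside" ]
}

demo_symlink_in_jail() {
    fs=$(mktemp -d) || return 2     # stands in for the host's "/"
    mkdir -p "$fs/home/bob" "$fs/home/sandy/pictures/porn"
    ln -s /home/sandy/pictures/porn "$fs/home/bob/porn"
    ln -s ../sandy/pictures/porn "$fs/home/bob/porn-rel"
    jail_target "$fs" /home/bob/porn     && echo "  ^ host view: exists"
    jail_target "$fs/home/bob" /porn     || echo "  ^ bob's jail, absolute link: missing"
    jail_target "$fs/home/bob" /porn-rel || echo "  ^ bob's jail, relative link: missing"
    rm -rf "$fs"
}

demo_symlink_in_jail
```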

Using Mount to overcome the problem!

In Windows, it's X:, X being a letter.

In Linux, you can mount a CD-ROM, floppy disk, partition, additional hard drive or even a directory to any location of your choice in the current file system.
e.g. your CD drive = /home/john/drives/cdrom1, your floppy disk = /media/floppy

NOTE: Please read this page as a reference before continuing on. As it may help, some references might relate to Ubuntu Linux.

Anyway, to continue on with mount:
By using mount, we can get the ftp server to allow bob access to the other locations we want.
Let's make a directory where we can mount sandy's porn to:

mkdir /home/bob/sandyporn

Now let's mount sandy's directory onto bob's new directory sandyporn.

sudo mount --bind /home/sandy/pictures/porn /home/bob/sandyporn

Now bob can ftp into his chrooted account while being able to access sandy's porn directory too!

If you want to make it permanent, even after a computer reboot, you will need to add a line to your fstab file.

sudo nano /etc/fstab

On the last line, add:

/home/sandy/pictures/porn /home/bob/sandyporn none defaults,bind 0 0

Hope that helps you, many people always run into this problem. This can also be used for ssh chrooted / jailed accounts.

Edit----Update---
Been helping quite a few via email, some notes:
-When you mount from an existing file system, permissions will be carried over. So look at the Owner User Other permissions of the files you're mounting.
-If you get unknown file system in '/etc/fstab', try "auto bind 0 0" instead of "none defaults, bind 0 0"
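
A check one might run once the fstab line above is in place, given as an added example rather than anything from the original post: because a bind mount carries the source's permissions over, it lists bind entries that land under a jailed home and flags those not mounted ro,nosuid,nodev. The function names, that option policy, the /srv/shared/docs entry and the sample fstab content are assumptions constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the original post): flag fstab bind mounts that land
# inside a jailed home without ro,nosuid,nodev. That option policy is this
# example's assumption, not a rule stated in the post.

# audit_bind_mounts FSTAB JAIL
# Prints OK/WEAK per bind entry mounted under JAIL; returns 1 if any is WEAK.
audit_bind_mounts() {
    fstab=$1 jail=${2%/} weak=0
    while read -r src dst fstype opts rest; do
        case $src in ''|'#'*) continue ;; esac            # blank line or comment
        case ",$opts," in *,bind,*|*,rbind,*) ;; *) continue ;; esac
        case $dst in "$jail"/*) ;; *) continue ;; esac    # only mounts inside the jail
        missing=
        for want in ro nosuid nodev; do
            case ",$opts," in
                *,"$want",*) ;;
                *) missing="$missing${missing:+,}$want" ;;
            esac
        done
        if [ -n "$missing" ]; then
            echo "WEAK $src -> $dst missing: $missing"
            weak=1
        else
            echo "OK   $src -> $dst"
        fi
    done < "$fstab"
    return "$weak"
}

demo_fstab_audit() {
    sample=$(mktemp) || return 2
    # Constructed sample: line 1 is the entry from the post, line 2 a
    # hypothetical hardened entry, line 3 a non-bind entry that is skipped.
    cat > "$sample" <<'EOF'
/home/sandy/pictures/porn /home/bob/sandyporn none defaults,bind 0 0
/srv/shared/docs /home/bob/docs none bind,ro,nosuid,nodev 0 0
UUID=constructed-example / ext4 defaults 0 1
EOF
    audit_bind_mounts "$sample" /home/bob
    rc=$?
    rm -f "$sample"
    return "$rc"
}

demo_fstab_audit || echo "at least one bind mount needs tightening"
```

On a live system, findmnt -no OPTIONS /home/bob/sandyporn shows the options the kernel actually applied to the mount, which is worth comparing against what fstab asks for.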

Comments

500 Failed to change directory

First of all, thanks for this tip. But I've tried it and it doesn't work on my system. I don't know what I'm doing wrong. Following these same steps I mounted the directory, but once I try to access it through FTP it gives me a 500 Failed to change directory. Can anyone help me? Thanks.

Hmm

George, you're not running something like Redhat / Fedora with SELinux enabled, are you? That could be the problem. If it's not, just drop me an email with your msn details and we can get to the bottom of it if you want. --- Vinno.

No, I'm just using Ubuntu

No, I'm just using Ubuntu 7.10 with the original kernel. I'll look deeper into vsftpd to see why that happens. Here you have an email if you want to contact me: oakfice@hotmail.com George

Ok, now it's working fine.

Ok, now it's working fine. Thanks Vinno! It was just a permission problem. The common folder had these permissions: "drwxrwx---". So when I tried to get in using vsftpd it didn't work. Changing these permissions works perfectly and now I can access without any problem. My common directory was a mounted media, so I had to change a line in /etc/fstab to change my permissions. That was:

# /dev/sda5 UUID=90FC2C1EFC2BFCDA /media/dades ntfs defaults,umask=0002,gid=46 0 1

instead of

# /dev/sda5 UUID=90FC2C1EFC2BFCDA /media/dades ntfs defaults,umask=007,gid=46 0 1

I changed only the umask=007 for umask=0002. And now it works!

Good one

Thanks for sharing .. - http://unixfoo.blogspot.com
