AnswerBun.com

Problem with symbolic links in FTP client

Server Fault Asked by Falcata on November 15, 2020

I’ve recently run into some problems while trying to setup a FTP server a certain way. I have a client who has a LOT of data put into one folder. The client then has various directories by which the data is organized. At the end (of the “directory filter”) they have a symbolic link that points to a file in the massive data folder. E.g

/lab/directory1/type2/data/owner/lab/bla/bla/file---->/lab/data/filexyz

In order to replicate and setup a “FTP” server, I simply created a directory called /lab/data/ and copied all the data on there. I then just copied the symbolic link folder structure.

I then setup vsftpd. Created a local user with a false bin and set that users home directory to /lab The problem I run into is that when I have chroot_local_user=YES enabled in the config file, the user is unable to get the file the server gives 550 Failed to open file. why is this the case. The symbolic link is pointing to a file that is in their home directory. However when I have chroot_local_use=NO the user is able to download the files seamlessly. Is there way to enable the user to get files via symbolic links that are in their home directory while being chroot jailed?

I’ve been scratching my head over this. Thanks!

4 Answers

I had this problem because I used absolute paths to the link target.

my command was:

ln -s /var/www/vhost/myhost.com/typo3_src/typo3_src-8.7.6/ typo3_src

... typo3_src did not show up in the FTP client

when I used relative paths it worked:

ln -s typo3_src/typo3_src-8.7.6/ typo3_src

Answered by Gerfried on November 15, 2020

You can use the bind option of mount to remount the other folder so the FTP server sees the files as being within the root of the website.

You could mount /home/shared/files/ under /home/website/files/ like this.

Create a mount point (a directory) in /home/website

mkdir /home/website/files/

Mount the other directory under this mount point:

mount --bind /home/shared/files /home/website/files/

It will now appear that those files are actually under /home/website/ so will be available even if you restrict the user to this website root directory....

Taken from here:

Setup symbolic link where users can access it with FTP

Answered by Mintakastar on November 15, 2020

You should use something like mount --bind

Answered by Eno on November 15, 2020

A symbolic link is a pointer to the "right" file. But if that original file is outside the jail then you can't access it. This is the goal of a jail. Otherwise a normal user could create a symbolic link in the jail to /etc/passwd and just read it. What a security risk!

So jailed is jailed. Probably a hard link will do the job, as this is a "copy without duplicating the used size". And for the FTP server it is like a normal file (with all the problems).

Answered by mailq on November 15, 2020

Add your own answers!

Related Questions

Port not responding remotely, but shows as open locally

1  Asked on November 12, 2021 by avjinder-sekhon

       

nginx error 500 when making api request to backend container

0  Asked on November 12, 2021 by christian-geng

         

Understanding smartd

1  Asked on November 12, 2021 by dovid-bender

     

mdadm alerts configuration

0  Asked on November 12, 2021 by mindserver

   

Cannot restart apache after certificate replacement

1  Asked on November 12, 2021 by kyle-banerjee

   

Reverse proxying a HLS stream with nginx

0  Asked on November 12, 2021 by mayleap1

         

Varnish PURGE client.ip docker-compose

1  Asked on November 12, 2021 by zhartaunik

   

Nginx refuses custom error pages

1  Asked on November 12, 2021

       

splitting tcp traffic to multiple recipients on the backend?

1  Asked on November 12, 2021 by kevin-martin

       

Curl – download file range

2  Asked on November 10, 2021

 

apache times out with low cpu and memory usage

1  Asked on November 10, 2021 by develth

     

MySQL Cluster SQL Node not synchronizing

1  Asked on November 10, 2021 by user2249803

   

nginx: different configuration based on cookie

2  Asked on November 10, 2021 by jay-paroline

 

How to connect to Windows Nano Server via SSH?

2  Asked on November 10, 2021 by andre-figueiredo

     

Redirect to localhost:8080?

3  Asked on November 10, 2021 by meds

     

Ask a Question

Get help from others!

© 2022 AnswerBun.com. All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP, SolveDir