Problem with symbolic links in FTP client

Server Fault Asked by Falcata on November 15, 2020

I’ve recently run into some problems while trying to setup a FTP server a certain way. I have a client who has a LOT of data put into one folder. The client then has various directories by which the data is organized. At the end (of the “directory filter”) they have a symbolic link that points to a file in the massive data folder. E.g


In order to replicate and setup a “FTP” server, I simply created a directory called /lab/data/ and copied all the data on there. I then just copied the symbolic link folder structure.

I then setup vsftpd. Created a local user with a false bin and set that users home directory to /lab The problem I run into is that when I have chroot_local_user=YES enabled in the config file, the user is unable to get the file the server gives 550 Failed to open file. why is this the case. The symbolic link is pointing to a file that is in their home directory. However when I have chroot_local_use=NO the user is able to download the files seamlessly. Is there way to enable the user to get files via symbolic links that are in their home directory while being chroot jailed?

I’ve been scratching my head over this. Thanks!

4 Answers

I had this problem because I used absolute paths to the link target.

my command was:

ln -s /var/www/vhost/ typo3_src

... typo3_src did not show up in the FTP client

when I used relative paths it worked:

ln -s typo3_src/typo3_src-8.7.6/ typo3_src

Answered by Gerfried on November 15, 2020

You can use the bind option of mount to remount the other folder so the FTP server sees the files as being within the root of the website.

You could mount /home/shared/files/ under /home/website/files/ like this.

Create a mount point (a directory) in /home/website

mkdir /home/website/files/

Mount the other directory under this mount point:

mount --bind /home/shared/files /home/website/files/

It will now appear that those files are actually under /home/website/ so will be available even if you restrict the user to this website root directory....

Taken from here:

Setup symbolic link where users can access it with FTP

Answered by Mintakastar on November 15, 2020

You should use something like mount --bind

Answered by Eno on November 15, 2020

A symbolic link is a pointer to the "right" file. But if that original file is outside the jail then you can't access it. This is the goal of a jail. Otherwise a normal user could create a symbolic link in the jail to /etc/passwd and just read it. What a security risk!

So jailed is jailed. Probably a hard link will do the job, as this is a "copy without duplicating the used size". And for the FTP server it is like a normal file (with all the problems).

Answered by mailq on November 15, 2020

Add your own answers!

Related Questions

Port not responding remotely, but shows as open locally

1  Asked on November 12, 2021 by avjinder-sekhon


nginx error 500 when making api request to backend container

0  Asked on November 12, 2021 by christian-geng


Understanding smartd

1  Asked on November 12, 2021 by dovid-bender


mdadm alerts configuration

0  Asked on November 12, 2021 by mindserver


Cannot restart apache after certificate replacement

1  Asked on November 12, 2021 by kyle-banerjee


Reverse proxying a HLS stream with nginx

0  Asked on November 12, 2021 by mayleap1


Varnish PURGE client.ip docker-compose

1  Asked on November 12, 2021 by zhartaunik


Nginx refuses custom error pages

1  Asked on November 12, 2021


splitting tcp traffic to multiple recipients on the backend?

1  Asked on November 12, 2021 by kevin-martin


Curl – download file range

2  Asked on November 10, 2021


apache times out with low cpu and memory usage

1  Asked on November 10, 2021 by develth


MySQL Cluster SQL Node not synchronizing

1  Asked on November 10, 2021 by user2249803


nginx: different configuration based on cookie

2  Asked on November 10, 2021 by jay-paroline


How to connect to Windows Nano Server via SSH?

2  Asked on November 10, 2021 by andre-figueiredo


Redirect to localhost:8080?

3  Asked on November 10, 2021 by meds


Ask a Question

Get help from others!

© 2022 All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP, SolveDir