Gentoo Forums
err.... mount --bind ???

decrease789
Apprentice
Joined: 25 Jun 2004
Posts: 194
Location: The United Krapdom

Posted: Sat May 21, 2005 11:44 am    Post subject: err.... mount --bind ???

not really a gentoo question....

but anyone know what the equivalent of
Code:
  mount --bind /var/ftp/incoming /home/bob/incoming
is in mac os x?

and how I would keep this mount rebooting (fstab?) os x as well?


Last edited by decrease789 on Sat May 21, 2005 11:52 am; edited 1 time in total

adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Sat May 21, 2005 11:48 am

If the Mac OSX version of mount doesn't have that option then there is no equivalent, obviously.

Just symlink it in that case.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

decrease789
Apprentice
Joined: 25 Jun 2004
Posts: 194
Location: The United Krapdom

Posted: Sat May 21, 2005 11:53 am

can't symlink due to proftp limitations

adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Sat May 21, 2005 11:59 am

Yes you can - I use symlinks quite heavily with proftpd.
What exactly is the problem, then ?

decrease789
Apprentice
Joined: 25 Jun 2004
Posts: 194
Location: The United Krapdom

Posted: Sat May 21, 2005 12:02 pm

Code:
ftp> ls
229 Entering Extended Passive Mode (|||60870|)
150 Opening ASCII mode data connection for file list
lrwxr-xr-x   1 admin    ftpgrp         38 May 20 18:13 mp3s -> ../../james/Music/iTunes/iTunes Music/
226 Transfer complete.
ftp> cd mp3s
550 mp3s: No such file or directory

works in pure-ftpd.... but pure-ftpd doesn't let me login as virtual user for some reason

decrease789
Apprentice
Joined: 25 Jun 2004
Posts: 194
Location: The United Krapdom

Posted: Sat May 21, 2005 12:09 pm

also...
Code:
ftp> ls
229 Entering Extended Passive Mode (|||61130|)
150 Opening ASCII mode data connection for file list
lrwxr-xr-x   1 admin    ftpgrp          6 May 21 12:06 bobina -> ../../
lrwxr-xr-x   1 admin    ftpgrp         38 May 20 18:13 mp3s -> ../../james/Music/iTunes/iTunes Music/
drwxr-xr-x   2 root     ftpgrp         68 May 21 11:28 mymusic
226 Transfer complete.
ftp> cd bobina
250 CWD command successful
ftp> ls
229 Entering Extended Passive Mode (|||61134|)
150 Opening ASCII mode data connection for file list
drwxr-xr-x   5 admin    ftpgrp        170 May 21 12:06 Public
drwxr-xr-x   2 guest    guest          68 May 20 18:22 upload
226 Transfer complete.

where the bobina symlink is outside the jail.... however it only goes to the root of the jail

what version are you using? I have 1.2.10
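
Why the two links in the listings above behave as they do inside a chroot, as an added example that is not part of the original posts: a small model of path lookup in which `..` stops at the process root. The directory layout is constructed; the jail root `/Users/guest` and james's home under `/Users` are assumptions.

```python
import posixpath

# Constructed model of the layout in the thread (host paths are assumptions).
# A value of "dir" is a directory; any other value is a symlink target.
FS = {
    "/": "dir",
    "/Users": "dir",
    "/Users/james": "dir",
    "/Users/james/Music": "dir",
    "/Users/james/Music/iTunes": "dir",
    "/Users/james/Music/iTunes/iTunes Music": "dir",
    "/Users/guest": "dir",
    "/Users/guest/upload": "dir",
    "/Users/guest/Public": "dir",
    "/Users/guest/Public/mymusic": "dir",
    "/Users/guest/Public/bobina": "../../",
    "/Users/guest/Public/mp3s": "../../james/Music/iTunes/iTunes Music/",
}

def resolve(path, cwd, root="/", fs=FS, depth=0):
    """Walk `path` the way lookup works for a process whose root is `root`.
    Returns the host path reached, or None (reported over FTP as a 550)."""
    if depth > 8:                        # guard against symlink loops
        return None
    # Absolute paths, including absolute link targets, start at the jail root.
    cur = root if path.startswith("/") else cwd
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if cur != root:              # ".." never climbs above the root
                cur = posixpath.dirname(cur)
            continue
        nxt = posixpath.join(cur, part)
        kind = fs.get(nxt)
        if kind is None:
            return None
        if kind != "dir":                # symlink: resolve from the link's directory
            nxt = resolve(kind, cur, root, fs, depth + 1)
            if nxt is None:
                return None
        cur = nxt
    return cur
```

With `root="/Users/guest"`, `bobina` resolves to the jail root and `mp3s` to nothing, matching the `250` and `550` replies in the two listings; with the default root both links reach their host targets.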

adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Sat May 21, 2005 12:17 pm

The trick is to not use chroot but set directory restrictions directly.
I use proftpd in this way and can guarantee you that users can't leave their home directory.

Write a Deny All for the root dir and selectively add public ftp directories you want people to have access to.
For the home directories I only allow ALL and SITE_CHMOD - this seems to do the trick ;-)

Please don't get into arguments about whether or not chroot is needed or better - this is how I do it and it solves your problems.

EDIT: the only thing proftpd does as root is logging users in and changing the EUID; everything else is done as the proftpd user.

I really don't see that much danger here.
Last edited by adaptr on Sat May 21, 2005 12:21 pm; edited 1 time in total

decrease789
Apprentice
Joined: 25 Jun 2004
Posts: 194
Location: The United Krapdom

Posted: Sat May 21, 2005 12:21 pm

adaptr wrote:
Please don't get into arguments about whether or not chroot is needed or better - this is how I do it and it solves your problems.

phpf.... I have better things to be doing.... thinking about it I don't need chrooting anyway! I have already restricted access to users on the same LAN

can you give me an example?

decrease789
Apprentice
Joined: 25 Jun 2004
Posts: 194
Location: The United Krapdom

Posted: Sat May 21, 2005 4:57 pm

like this ????
Code:
<Directory ~>
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Directory>

<Directory ~/../>
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Directory>

<Directory />
  DenyAll
  AllowOverwrite                on
</Directory>

adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Sat May 21, 2005 5:27 pm

Erm.. no ?
Don't give anybody access to /home, right ?
AllowAll is not a directive AFAIAA.

Code:
<Directory />
  AllowOverride off
  HideNoAccess on

  <Limit ALL>
    IgnoreHidden on
    Order Allow, Deny
    Deny All
  </Limit>
</Directory>

<Directory ~>
  AllowOverride no
  <Limit ALL SITE_CHMOD>
    Order Allow, Deny
    Allow All
  </Limit>
</Directory>

Then you link in other directories (outside the users' home directory) like so:
Code:
<Directory /home/public>
  AllowOverride on
  <Limit ALL>
    Order Allow, Deny
    Allow All
  </Limit>
</Directory>

You can change ALL to READ DIRS if you want to restrict users to read-only access for a particular directory, or set that up dynamically with filesystem permissions, of course.

decrease789
Apprentice
Joined: 25 Jun 2004
Posts: 194
Location: The United Krapdom

Posted: Sun May 22, 2005 7:13 pm

hm..... weird....

when i cd to the symbolic link....
and then cd ..
i get to the directory beneath the symbolic link rather than back to the directory which contains the symlink
ideas?

adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Sun May 22, 2005 7:38 pm

Not without your proftpd.conf ;-)

decrease789
Apprentice
Joined: 25 Jun 2004
Posts: 194
Location: The United Krapdom

Posted: Sun May 22, 2005 7:50 pm

Code:
ServerName                      "JamesNicolsons Darwin Apple Mac || ProFTPD"
ServerType                      inetd
DefaultServer                   on
AuthPAMConfig                   ftpd
PersistentPasswd                off
RequireValidShell               off
AuthUserFile    "/opt/local/etc/ftpusr-pro"
AuthGroupFile   "/opt/local/etc/ftpgrp-pro"
Port                            21
MaxInstances                    30
User                            ftpusr
Group                           ftpgrp

<Limit ALL>
    Order                       allow, deny
    Allow                       from 192.168.1.
    Allow                       from 127.0.0.1
    Deny                        from all
</Limit>

Umask                           037

<Directory />
  AllowOverride off
  AllowOverwrite                off
  HideNoAccess on
  <Limit ALL>
    IgnoreHidden on
    Order Allow, Deny
    Deny All
  </Limit>
</Directory>

<Directory ~>
  AllowOverride no
  <Limit ALL SITE_CHMOD>
    Order Allow, Deny
    Allow All
  </Limit>
</Directory>

<Directory /Public>
  AllowOverride on
  <Limit ALL>
    Order Allow, Deny
    Allow All
  </Limit>
</Directory>

<Directory /upload>
  AllowOverride on
  <Limit ALL>
    Order Allow, Deny
    Allow All
  </Limit>
</Directory>

<Directory /Public/mp3s>
  AllowOverride on
  <Limit ALL>
    Order Allow, Deny
    Allow All
  </Limit>
</Directory>

<Directory ~/../>
  AllowOverride on
  <Limit ALL>
    Order Allow, Deny
    Allow All
  </Limit>
</Directory>

<Anonymous /Users/guest/>
  AnonRequirePassword           on
  User                          ftpusr
  Group                         ftpgrp
  DirFakeUser on ~
  DirFakeGroup on ~
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp
  # Limit the maximum number of anonymous logins
  MaxClients                    10
  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message
  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>


btw.... if I don't add the <Directory> for ~/../ then the symlink in /Public doesn't show up at all!!! I guess it only shows as long as it can access each directory along the symlink

decrease789
Apprentice
Joined: 25 Jun 2004
Posts: 194
Location: The United Krapdom

Posted: Sun May 22, 2005 8:41 pm

this solved my problem: instead of symlinking I did this

mount localhost:/path/to/real/file /path/to/chrooted/directory

i found it here

http://p197.ezboard.com/fmacnightowlmessageboardfrm12.showMessage?topicID=432.topic

All times are GMT