proftpd, mass virtual hosting and symlinks

Mark Bojara mark at mics.co.za
Wed Jun 4 11:57:52 PDT 2003


Hi Jez,

You could always do something like:

mount_null /www/example.com/www /home/user/web/example.com/www

Not sure how effective this is at large scale.

Chow
Mark

----------------------------------------------------------------
Why doesn't DOS ever say "Excellent command or filename!"
----------------------------------------------------------------
On Wed, 4 Jun 2003, Jez Hancock wrote:

>Hi all,
>
>Our webserver serves a large number of domains and the partitioning
>scheme is set up like this:
>
>/home - contains all shell related items for users (we allow shell logins)
>/www - contains all documentroots for the server
>
>A typical user's documentroot resides in:
>
>/home/user/web/example.com/www/
>
>which is a symlink to
>
>/www/example.com/www
>
>The idea was to save time on httpd requests by serving files from a
>dedicated partition and similar issues also exist for
>suexec cgi-bin trees and logfile trees.
>
>The problem then is that when a user logs in via proftpd, if we use
>'DefaultRoot ~' to chroot the users to their home directories, the user
>is unable to follow the symlink to their web docroot(s) because of the
>old chestnut with chrooting disallowing symlinks out of the chroot root
>directory.
>
>I've read through the manual for proftpd, particularly this:
>http://proftpd.linux.co.uk/localsite/Userguide/linked/chroot-symlinks.html
>
>which suggests instead of symlinking, mount each (currently symlinked)
>directory in the target directory, something like:
>
>mount_null /www/example.com/www /home/user/web/example.com/www
>
>Questions:
>Is proftpd a viable option for mass vhosting given this type of
>partitioning scheme?  If so, how would I configure proftpd to handle symlinks
>whilst still not allowing users to break out of their home directory?
>
>If proftpd is not the best option - what other ftpd are recommended?  I
>understand PureFTPD implements a 'quasi' chrooting system via a module
>mod_vroot - is this a better option (proftpd also appears to have
>support for mod_vroot, but docs are sparse)?
>
>TIA,
>Jez
>
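
An added example, not part of either message and not ProFTPD or FreeBSD project code: a sh function that turns the symlink-to-null-mount idea from the thread into a plan that can be reviewed before anything is mounted. It assumes the thread's layout (`/home/<user>/web/<domain>/www` linked to `/www/<domain>/www`); the function name `plan_null_mounts` and its SKIP messages are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Layout assumed from the thread:
#   HOME_BASE/<user>/web/<domain>/www  ->  WWW_BASE/<domain>/www
# The links sit in home directories of users with shell access, so a
# root-run converter must not trust where a link points: a null mount
# of the wrong directory would expose it inside the FTP chroot.

# plan_null_mounts HOME_BASE WWW_BASE  (hypothetical helper name)
# stdout: one "mount_null <src> <dst>" line per link that resolves to
#         exactly WWW_BASE/<domain>/www
# stderr: one "SKIP ..." line per link that cannot be resolved or
#         points anywhere else
plan_null_mounts() {
    home_base=$1
    www_base=$(cd -P "$2" 2>/dev/null && pwd -P) || return 1
    for link in "$home_base"/*/web/*/www; do
        [ -L "$link" ] || continue      # real directories need no mount
        domain=$(basename "$(dirname "$link")")
        expected="$www_base/$domain/www"
        # cd -P / pwd -P resolve every symlink in the path; a dangling
        # link (or one that is not a directory) makes cd fail.
        target=$(cd -P "$link" 2>/dev/null && pwd -P) || {
            echo "SKIP unresolvable link: $link" >&2
            continue
        }
        if [ "$target" != "$expected" ]; then
            echo "SKIP $link -> $target (expected $expected)" >&2
            continue
        fi
        # Before running the printed command, the symlink has to be
        # replaced by an empty directory to serve as the mount point.
        # Ownership of the target is not checked here.
        echo "mount_null $target $link"
    done
}

# Print the plan when called with both base directories as arguments.
if [ "$#" -eq 2 ]; then
    plan_null_mounts "$1" "$2"
fi
```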


