John Blade’s Homepage

One man on one island.

Symbolic links and Chroot

Comments

Found this awesome little tip in the proftpd manual on how to work around symoblic links issues.

There are two types of links in Unix: hard and symbolic.

A hard link is a file that is, for all intents and purposes, the file to which it is linked. The difference between a hardlink and the linked file is one of placement in the filesystem. Editing the hardlink edits the linked file. One limitation of hard links is that linked files cannot reside on different filesystems. This means that if /var and /home are two different mount points in /etc/fstab (or /etc/vfstab), then a file in /var/tmp cannot be hardlinked with a file in /home:
> pwd
/var/tmp
> ln /home/tj/tmp/tmpfile tmplink
ln: cannot create hard link `tmplink’ to `/home/tj/tmp/tmpfile’: Invalid cross-device link

A symbolic link (also referred to as a “symlink”) is a file whose contents contain the name of the file to which the symbolic link points. For example:
lrwxrwxrwx 1 root root 11 Mar 2 2000 rmt -> /sbin/rmt

The file rmt contains the nine characters /sbin/rmt. The reason symbolic links fail when chroot(2) is used to change the position of the root (/)of the filesystem is that, once / is moved, the pointed-to file path changes. If, for example, if chroot(2) is used to change the filesystem root to /ftp, then the symlink above would be actually be pointing to /ftp/sbin/rmt. Chances that that link, if chroot(2) is used, now points to a path that does not exist. Symbolic links that point to nonexistent files are known as dangling symbolic links. Note that symbolic links to files underneath the new root, such as symlinks to a file in the same directory:
> pwd
/var/ftp
> ls -l
-rw-r–r– 1 root root 0 Jan 16 11:50 tmpfile
lrwxrwxrwx 1 root root 7 Jan 16 11:50 tmplink -> tmpfile

will be unaffected; only paths that point outside/above the new root will be affected.

Filesystem Tricks
When chroot is used symlinks that point outside the new root (the user’s home directory in this case) will not work. To get around this apparent limitation, it is possible on modern operating systems to mount directories at several locations in the filesystem.

To have an exact duplicate of the /var/ftp/incoming directory available in /home/bob/incoming and /home/dave/incoming, use one of these commands:

Linux
mount –bind /var/ftp/incoming /home/bob/incoming

Gets around the symbolic links issue.

Written by JB Hewitt

September 30th, 2004 at 11:37 am

Posted in Linux

« Good bye Jessie…
Weekend @ Byron Bay »

Viewing 14 Comments

 

Trackbacks

(Trackback URL)

close Reblog this comment
Powered by Disqus · Learn more
blog comments powered by Disqus