8

So, I'm pretty sure this is true, but I haven't found a specifically detailed independent reference that directly answers my question. Question being:

How can I add access to a resource that is outside the chroot environment?

I have set up chroot SFTP using OpenSSH's newish ChrootDirectory directive.

Unfortunately, in my environment, I cannot directly restrict chroot to the main directory where certain user resources live. So I created a separate chroot area, and am linking in the required resources.

I tried using symlinks to do this, e.g.:

ln -s /path/to/resource /chroot/dir/resource

But that got a "could not canonicalize directory not found" error.

So my solution was to use a bind mount:

mount --bind /path/to/resource /chroot/dir/resource

That worked.

Really, I just wanted general confirmation that symlinks won't work. A link to a good reference describing this would be nice also.

Olli
JDS

1 Answer

7

You can't use symlinks, that is true. Symbolic links are relative to the root directory (/), and in a chroot that is the chroot's root, not your filesystem root.

Here's a ProFTPD documentation page explaining the same thing.

Olli
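The resolution rule described in the answer can be checked before a user ever logs in. The following is an added example, not code from the post or from OpenSSH: it walks a path the way it would resolve after the chroot and reports links that dangle there even though they work on the host. The names `resolve_in_chroot` and `demo` are hypothetical, the directory layout is constructed in a temporary directory, and the resolution model is a simplification in which a bind mount is just an ordinary directory.

```python
import os
import tempfile

def resolve_in_chroot(chroot, path, max_links=40):
    """Host path that `path` reaches after chroot(chroot), or None if it dangles.
    Simplified model (assumption): absolute link targets restart at the chroot
    root and '..' cannot climb above it. Mount points are ordinary directories.
    """
    chroot = os.path.realpath(chroot)
    todo = [p for p in path.split("/") if p][::-1]  # components still to walk
    cur, links = [], 0                              # resolved components below the root
    while todo:
        part = todo.pop()
        if part == ".":
            continue
        if part == "..":
            cur = cur[:-1]                          # clamped at the chroot root
            continue
        host = os.path.join(chroot, *cur, part)
        if os.path.islink(host):
            links += 1
            if links > max_links:                   # symlink loop
                return None
            target = os.readlink(host)
            if target.startswith("/"):
                cur = []                            # "/" now means the chroot root
            todo.extend([p for p in target.split("/") if p][::-1])
        elif os.path.lexists(host):
            cur.append(part)
        else:
            return None
    return os.path.join(chroot, *cur)

def demo():
    """Build a constructed layout and compare host vs. in-chroot resolution."""
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        chroot = os.path.join(base, "chroot")
        os.makedirs(os.path.join(base, "resource"))          # lives outside the chroot
        os.makedirs(os.path.join(chroot, "dir", "inside"))
        links = {"resource": os.path.join(base, "resource"),  # absolute, as in the question
                 "up": "../../resource",                      # relative, climbs out
                 "ok": "/dir/inside"}                         # valid only inside the chroot
        result = {}
        for name, target in links.items():
            os.symlink(target, os.path.join(chroot, "dir", name))
            host_ok = os.path.exists(os.path.join(chroot, "dir", name))
            result[name] = (host_ok, resolve_in_chroot(chroot, "/dir/" + name) is not None)
        return result
```

Each value returned by `demo()` is a pair (resolves on the host, resolves inside the chroot); the two links that point at the outside resource work on the host and dangle in the chroot, which is the case the bind mount avoids.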