On Sat, Nov 03, 2001 at 07:09:03PM -0600, Carl Wilhelm Soderstrom wrote:
> > Force your users to use sftp or scp to move their files about. If you
> > want to be really paranoid, run your ftp daemon in a chroot and use the
> > Linux 2.4 feature of multi-mount binding of directories. E.g.
> >
> > bash$ sudo mount --bind /home/ftp/pub /var/chroot/ftpd/pub
> > bash$ sudo chroot /var/chroot/ftpd /etc/init.d/wuftpd start
>
> what's the benefit of multi-mount binding in this case?

The benefit is that the binary objects live in /var/chroot/ftpd, and you
don't have to move your traditional ftp archives around.

Let's say you've got a handful of gigs of files in /home/ftp/pub. Let's
also say you have about 600MB of space in /var. Now, moving all of those
files over won't obviously work. Getting a new hard drive may not be in the
budget at the time, so you do the next best thing. Double mount the
directory entry. You have environment isolation for your binaries, yet you
don't have to completely overhaul your system to do it.

Voilà, the benefits of multi-mount binding in this case. ;-)

You do realize that the second line of the bash is executing wuftpd in the
context of the chroot, right? The init script would be located in
/var/chroot/ftpd/etc/init.d/wuftpd... The second binding could easily be
/var/chroot/home/ftp/pub... (and probably should have been).

Anyway. Have fun chrooting.

-- 
Chad Walstrom <chewie at wookimus.net> | a.k.a. ^chewie
http://www.wookimus.net/ | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD
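Added example, not part of the original message or of any project mentioned in it: a check for what has been bind-mounted into a chroot tree like the /var/chroot/ftpd one above, reporting mounts that are not ro, nosuid and nodev. It assumes a kernel that exposes /proc/self/mountinfo; the function names and the sample lines (including the `incoming` and `mirror` directories) are constructed for illustration.

```shell
#!/bin/sh
# audit_chroot_mounts CHROOT [MOUNTINFO]   (hypothetical helper name)
# Lists every mount below CHROOT whose per-mount options lack ro, nosuid or
# nodev. MOUNTINFO defaults to /proc/self/mountinfo; "-" reads stdin.
# In that format field 5 is the mount point and field 6 the mount options.
# Returns 1 if anything was reported, 0 if the tree is clean.
audit_chroot_mounts() {
    chroot_dir=${1%/}
    info=${2:-/proc/self/mountinfo}
    awk -v root="$chroot_dir" '
        index($5, root "/") == 1 {          # mount point lies inside the chroot
            split("", have)                 # reset the option set
            n = split($6, opts, ",")
            for (i = 1; i <= n; i++) have[opts[i]] = 1
            missing = ""
            m = split("ro nosuid nodev", want, " ")
            for (i = 1; i <= m; i++)
                if (!(want[i] in have))
                    missing = missing (missing == "" ? "" : ",") want[i]
            if (missing != "") {
                print $5 ": missing " missing
                flagged = 1
            }
        }
        END { exit flagged + 0 }
    ' "$info"
}

# Constructed sample input in mountinfo format (not captured from a real host).
# A writable upload area will legitimately be reported as missing "ro".
sample_mountinfo() {
    cat <<'EOF'
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
25 21 8:2 / /var rw,relatime - ext4 /dev/sda2 rw
30 21 8:3 / /home rw,relatime - ext4 /dev/sda3 rw
41 25 8:3 /ftp/pub /var/chroot/ftpd/pub rw,relatime - ext4 /dev/sda3 rw
42 25 8:3 /ftp/incoming /var/chroot/ftpd/incoming rw,nosuid,nodev,noexec - ext4 /dev/sda3 rw
43 25 8:3 /ftp/mirror /var/chroot/ftpd/mirror ro,nosuid,nodev - ext4 /dev/sda3 rw
EOF
}

# Demo on the sample; "|| true" because findings give exit status 1.
sample_mountinfo | audit_chroot_mounts /var/chroot/ftpd - || true
```

Run against the live system with `audit_chroot_mounts /var/chroot/ftpd` and no second argument.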