Linux: vsftpd and symbolic links

vsftpd is all about security, and that’s why you cannot access linked directories through vsftpd with any ftp client. My arguement is that if you know how to use symlinks, or are careful enough not to link directories you don’t want to share then who’s vsftpd to butt in and completely disallow you to use such convenient feature of an OS? Reminds me of Windows Server type security… they block IE by default so that you have to either allow every single site, or disable IE ESC altogether.

Here is my convenient workaround: use mount bind!
mount --bind /sourcedirectory /destinationdirectory
You can either use @reboot cron job to have the directories mounted, or mount though fstab by adding the following line:
/directory-you-want-to-mount /destination-directory none bind
Haa… gotcha, but don’t go too fast! This is mount, not ln and will NOT create a mount point in your destination directory. For instance, if you want to mount /home/share to /home/user/share you will need to create /home/user/share first, then mount. Also keep in mind that if you have a copy or rsync job to copy contents of /home/share AND /home/user recursively, you will create two full copies of /home/share directory. One in /home/share and one in /home/user/share. Exclude one of the directories from your cp or rsync job.

3 thoughts on “Linux: vsftpd and symbolic links

  1. Kevin Carpenter says:

    Nicely put, a small search with Google brought your site in number 3. I look forward to linking to it later to help bring it up on that ladder. I like the server, but that was certainly an annoyance and brought me to having to either re-think the setup of my web server or…

    Thanks for pointing this out and documenting it.

  2. aaa says:

    Well, it’s not about paranoid security, it’s about the fact that vsftpd chroots into the ftp root for every user. If your symlink points out of the chroot tree, don’t be surprised you can’t access it 😉

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.