Tuesday, 10 May 2011

Things I wish people had told me about 1: Bind Mounts

Stuff I wish people had told me about No. 1

Bind Mounts

Quite often I find myself wanting to run processes in a chroot. This is especially true for file services being served up by ftp or http. Unfortunately I often find that files I want people to get access to are outside the directory that I want to chroot them into.

Now, symbolic links won't work across a chroot, because the link target is resolved inside the new root. You can use hard links to make files individually available within a chroot, but that becomes a lot of work for a lot of files.

Just recently though, I discovered that you can do this:

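# Create the empty mount point inside the chroot
mkdir /home/chroot/PublicData
# Mount the real directory onto it (needs root)
mount --bind /home/PublicData /home/chroot/PublicData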

These 'bind mounts' allow you to 'mount' a directory onto another directory. So, you create an empty directory with a particular name, then call the mount command to mount another directory onto your empty directory, so that when people enter the 'empty' directory, they are teleported to the other directory.

This means that you can choose which directories to make available to people who are in some kind of chroot jail. Very useful!

I wish someone had told me about this earlier.
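
An added example (not from the original post): a bind mount starts with the same mount options as its source, so a writable source stays writable for the ftp or http service inside the chroot. The sketch below remounts the bind read-only and audits mountinfo-format text for mounts under the chroot that still lack ro, nosuid or nodev; the function names, /home/Docs, /home/chroot2 and the sample lines are constructed for illustration.

```shell
# Bind-mount SRC onto DST, then remount the bind read-only with
# nosuid,nodev,noexec. Needs root. The separate remount step also works on
# older util-linux releases that ignore "ro" on the initial --bind.
bind_ro() {
    src=$1 dst=$2
    mkdir -p "$dst" &&
    mount --bind "$src" "$dst" &&
    mount -o remount,bind,ro,nosuid,nodev,noexec "$dst"
}

# Print every mount at or below CHROOT whose per-mount options lack ro,
# nosuid or nodev. Input is mountinfo-format text (see proc(5)):
# field 5 = mount point, field 6 = per-mount options. Pass "-" for stdin.
audit_chroot_mounts() {
    chroot_dir=${1%/} info=${2:-/proc/self/mountinfo}
    awk -v root="$chroot_dir" '
        $5 == root || index($5, root "/") == 1 {
            split("", have)                     # reset the option set
            n = split($6, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            miss = ""
            if (!("ro" in have))     miss = miss ",ro"
            if (!("nosuid" in have)) miss = miss ",nosuid"
            if (!("nodev" in have))  miss = miss ",nodev"
            if (miss != "") print $5 " missing:" substr(miss, 2)
        }' "$info"
}

# Constructed sample input (not captured from a real system).
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 22 8:1 /home/PublicData /home/chroot/PublicData rw,relatime - ext4 /dev/sda1 rw
41 22 8:1 /home/Docs /home/chroot/Docs ro,nosuid,nodev,noexec,relatime - ext4 /dev/sda1 rw
42 22 8:1 /srv /home/chroot2/data rw,relatime - ext4 /dev/sda1 rw
EOF
}
```

Running `audit_chroot_mounts /home/chroot` with no second argument checks the live system through /proc/self/mountinfo.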
