Problem with symbolic links in FTP client

Server Fault Asked by Falcata on November 15, 2020

I’ve recently run into some problems while trying to setup a FTP server a certain way. I have a client who has a LOT of data put into one folder. The client then has various directories by which the data is organized. At the end (of the “directory filter”) they have a symbolic link that points to a file in the massive data folder. E.g


In order to replicate and setup a “FTP” server, I simply created a directory called /lab/data/ and copied all the data on there. I then just copied the symbolic link folder structure.

I then setup vsftpd. Created a local user with a false bin and set that users home directory to /lab The problem I run into is that when I have chroot_local_user=YES enabled in the config file, the user is unable to get the file the server gives 550 Failed to open file. why is this the case. The symbolic link is pointing to a file that is in their home directory. However when I have chroot_local_use=NO the user is able to download the files seamlessly. Is there way to enable the user to get files via symbolic links that are in their home directory while being chroot jailed?

I’ve been scratching my head over this. Thanks!

4 Answers

I had this problem because I used absolute paths to the link target.

my command was:

ln -s /var/www/vhost/ typo3_src

... typo3_src did not show up in the FTP client

when I used relative paths it worked:

ln -s typo3_src/typo3_src-8.7.6/ typo3_src

Answered by Gerfried on November 15, 2020

You can use the bind option of mount to remount the other folder so the FTP server sees the files as being within the root of the website.

You could mount /home/shared/files/ under /home/website/files/ like this.

Create a mount point (a directory) in /home/website

mkdir /home/website/files/

Mount the other directory under this mount point:

mount --bind /home/shared/files /home/website/files/

It will now appear that those files are actually under /home/website/ so will be available even if you restrict the user to this website root directory....

Taken from here:

Setup symbolic link where users can access it with FTP

Answered by Mintakastar on November 15, 2020

You should use something like mount --bind

Answered by Eno on November 15, 2020

A symbolic link is a pointer to the "right" file. But if that original file is outside the jail then you can't access it. This is the goal of a jail. Otherwise a normal user could create a symbolic link in the jail to /etc/passwd and just read it. What a security risk!

So jailed is jailed. Probably a hard link will do the job, as this is a "copy without duplicating the used size". And for the FTP server it is like a normal file (with all the problems).

Answered by mailq on November 15, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP