I have multiple directories spread over the file systems of multiple Ubuntu 10.04 servers.
The requirements are to allow a handful of people access a few of these directories over ftp.
For example joe needs to ftp files to /apps/app1. alice needs ability to ftp to /apps/app2 and /mnt/apps/app4 (nfs share to another server)
I really want to keep vsftpd chroot so that these users can't see anything but home directory.
All these users are ldap users. Their home directories are automounted from a central server.
So, ideally, when joe ftp's in, he should see a single directory named "app1". When alice ftps in, she should see directories named "app2" and "app4". Eventually, I'll need to add more "virtual" dirs. For example, alice might need access to /apps/app5 in a few weeks. I'd like to be able to add it so that when she ftp's in, she sees "app2", "app4" and "app5".
It seems like it should be easy, but I've been running in circles on how to get this to work.
OPTION 1
I've tried using fstab and/or autofs to mount stuff using --bind under user home directories. This kinda works. It's annoying that when you use autofs, the directories are not visible via ftp unless someone has accessed them recently.
Why OPTION 1 fails:
Same reason as OPTION 3
OPTION 2
I've tried using soft links, but again, this doesn't seem to work. I created a nfs mounted drive (using autofs) at /mnt/apps/app1. Then I create a link like so ln -s /mnt/apps/app1 /home/ldap/joe/app1.
Why OPTION 2 fails:
When I log into ftp as joe, I can see "app1" dir, but if I try to open it, I get: 550 Failed to open file. Error: Critical file transfer error. Note that /home/ldap/joe is an auto mounted drive that is physcially on a different server under /apps/exports/home/joe. I've read some other places that once a user is chrooted, they can't follow symbolic links outside their home dir.
OPTION3
Configure all users so they have the same home directory, then mount shared dirs under common home dir. If you use autofs, the dir names doen't show up when. If I use fstab, it's very close to a workable solution.
Why OPTION3 fails:
I'm able to mount local dirs fine. But when I try to mount --bind <some mapped drive> /apps/app1
, then when I ftp and browse the directory, I see a 500 Failed to change directory
.
Anyone have an elegant solution for this problem? Maybe there's another ftp server that supports "virtual directories"?
What problems have you been having with symbolic links? I've done this many times.
You'll need to do a bit of scripting to be able to create the sym links for people automatically, but that shouldn't be too hard.