How to set up a shared directory using chroot (SFTP)?

Status
Not open for further replies.

Spark

Cadet
Joined
Jul 24, 2012
Messages
5
Hi everyone!

I've been spending hours trying to find out how to set up a shared folder using chroot.
As mentioned in the FreeNAS documentation, I created a ZFS dataset for each user requiring SFTP access.
The first one is /mnt/nemesis/Laurent
The second one is /mnt/nemesis/Damien
etc etc…

I want these users to be able to reach the path /mnt/nemesis/Videos from /mnt/nemesis/Laurent/share/videos (first user) and /mnt/nemesis/Damien/share/videos (second user). But /mnt/nemesis/Videos is outside of the two jails.

So I tried to create a hard link for each user using the commands:
mount_nullfs /mnt/nemesis/Videos/ /mnt/nemesis/Laurent/share/videos/
mount_nullfs /mnt/nemesis/Videos/ /mnt/nemesis/Damien/share/videos/

It works perfectly but only until I reboot the FreeNAS server.

So I typed in the command mount -uw /
I added the following lines to /etc/fstab:
/mnt/nemesis/Videos/ /mnt/nemesis/Laurent/share/videos/ nullfs rw 0 0
/mnt/nemesis/Videos/ /mnt/nemesis/Damien/share/videos/ nullfs rw 0 0

Then, I typed in the command mount -ur / and rebooted the FreeNAS server but it didn't work. The fstab change wasn't saved.
Finally, I found an explanation on a forum: the fstab is generated by the system after each reboot.

Could you help me, pleaseeee? This issue drives me crazy :(
 

Spark

Cadet
Joined
Jul 24, 2012
Messages
5
Could anyone help me, please??
 

Spark

Cadet
Joined
Jul 24, 2012
Messages
5
The link you sent me relates to plugins, not users, doesn't it?
It works fine to mount points from the plugin jail but there is no way to mount points from another jail.
I'm looking for a similar solution regarding users.

Do you think it's possible?
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Spark said: "But /mnt/nemesis/Videos is outside of the two jails."

Pardon me, but WHAT!? TWO jails!? You can only have ONE jail on a FreeNAS server. The UI doesn't have any way to let you set up a second one.

I really don't understand what you are trying to say. I think paleoN is the same, which is why he mentioned mount points. That's what I thought you were trying to use with the mount_nullfs commands.

Users, as far as I know, can't be shared with the jail. You can use mount points to give a jail access to files outside the jail, but that's all. The jail is basically another full OS run as a virtual machine of sorts. You could share files between the 2 using mount points, but not users (as far as I know).

Are you saying your users are trying to SFTP into the jail? They shouldn't be needing to do that (assuming SFTP is even available inside the jail). Users should be using data outside the jail via shares, ftp, etc.

Spark said: "It works fine to mount points from the plugin jail but there is no way to mount points from another jail."

I'll say it again. There's only 1 jail. I'm not sure where this "other" jail is. I'm pretty sure you are speaking English as a second language, but it sounds like you are either very very confused and you really have no grasp of how a jail works or your English translation is killing your idea :(

I'm not sure you're going to get help with the forum if you can't fully explain what you are trying to do. That's probably why you got no answers originally on your question.
 

Spark

Cadet
Joined
Jul 24, 2012
Messages
5
Sorry guys! That's true I have no grasp of how a jail works. To be honest, I'm not a Unix expert :s
Anyway, you're right, I've only one jail: the plugin jail. I didn't use the correct term regarding the two other folders below.

So I'll try to be more accurate:
I created a ZFS dataset for each user requiring SFTP access.
The first one is /mnt/nemesis/Laurent
The second one is /mnt/nemesis/Damien

I also created another ZFS dataset called Videos. I want to use it as a shared folder.

I set up the SSH service using the following extra options:
Code:
Match Group sftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

That way the 2 users are not able to navigate outside of their home directory and they can't use SSH commands.
I called these two ZFS datasets "jails" because users can't navigate outside but I reckon that it's called chroot, am I right?


The issue is that these users are not able to reach the path /mnt/nemesis/Videos from /mnt/nemesis/Laurent/share/videos (first user) and /mnt/nemesis/Damien/share/videos (second user).
I know it's normal because of the chroot but is it possible to create a link between users and Videos?

Is there an easier solution to share a folder between several SFTP users using chroot?

It's not easy to explain this issue so I hope that my explanation is clear :)
 

Spark

Cadet
Joined
Jul 24, 2012
Messages
5
Is my explanation still confusing?
 

paleoN

Wizard
Joined
Apr 22, 2012
Messages
1,403
Spark said: "Is my explanation still confusing?"
No, it is clear now. I didn't look into this anymore and I don't have an answer for you.

Though if I understand you correctly you have it working with mount_nullfs, but lose it on a reboot. If so how about doing the mount commands from rc.local?
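
Added example (not part of the thread, and not FreeNAS's own code): a boot-time script of the kind paleoN suggests, which re-creates the nullfs mounts for each chrooted SFTP user and skips any that are already mounted. The paths and user names are the ones from the thread; the `MODE` variable, the `plan`/`apply` argument and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Re-create the shared-folder nullfs mounts inside each user's SFTP chroot.
# Paths and user names come from the thread; everything else is illustrative.
POOL=/mnt/nemesis
SHARED="$POOL/Videos"
USERS="Laurent Damien"
MODE=rw   # the thread's fstab lines use rw; ro is enough if users only read

# Current mount table; kept in a function so sample data can be substituted.
mount_table() { mount 2>/dev/null; }

# Succeeds if the given directory already appears as a mount point.
is_mounted() {
    mount_table | grep -F -q " on $1 "
}

# Print one mount_nullfs command per user whose target is not mounted yet.
plan_mounts() {
    for user in $USERS; do
        target="$POOL/$user/share/videos"
        is_mounted "$target" || echo "mount_nullfs -o $MODE $SHARED $target"
    done
}

# Run the planned commands; stop at the first failure so it shows up at boot.
apply_mounts() {
    [ -d "$SHARED" ] || { echo "missing $SHARED" >&2; return 1; }
    plan_mounts | while read -r cmd; do
        echo "running: $cmd"
        $cmd || exit 1
    done
}

# Default is a dry run that only prints; pass "apply" to actually mount.
case "${1:-plan}" in
    apply) apply_mounts ;;
    *)     plan_mounts ;;
esac
```

Because already-mounted targets are skipped, the script can be run again after a partial failure without stacking a second mount on the same directory.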
 