I have a shared web server that users can SSH / SFTP into to access their
web content. Each user's home directory is in a change root, and I use
"mount -o bind" to put their respective webpage's document root into their
home directory. Recently I was made aware that the contents of the mount's
source are not the same as the mount point's, which I don't see how that is
possible.

The file system is 3 virtual disks...each part of the same volume group. I
have three LVMs, "/" , "/chroot" , and "/var".

Here's the entry in /etc/fstab...

/var/www/example.com /chroot/home/user1/example.com none defaults,bind 0 0

The mount is active, yet running a recursive diff between
"/var/www/example.com" and "/chroot/home/user1/example.com" shows numerous
differences.

Here's "mount" output
------------------
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/mapper/VolGroup00-lv_chroot on /chroot type ext3 (rw)
/var/www/example.com on /chroot/home/user1/example.com type none (rw,bind)
/dev/mapper/VolGroup00-lv_var on /var type ext3 (rw)


I honestly have no idea how this is possible. Is using "mount -o bind" not
the best method to give a chrooted user access to a single directory outside
the chroot? Would it be better to leave the web root in the chroot and have
Apache (outside chroot) reference that location?

Thanks
- Trey

  • Dennis Jacobfeuerborn at Aug 22, 2011 at 3:48 pm

    On 08/22/2011 07:01 PM, Trey Dockendorf wrote:
    > I have a shared web server that users can SSH / SFTP into to access their
    > web content. Each user's home directory is in a change root, and I use
    > "mount -o bind" to put their respective webpage's document root into their
    > home directory. Recently I was made aware that the contents of the mount's
    > source are not the same as the mount point's, which I don't see how that is
    > possible.
    >
    > The file system is 3 virtual disks...each part of the same volume group. I
    > have three LVMs, "/" , "/chroot" , and "/var".
    >
    > Here's the entry in /etc/fstab...
    >
    > /var/www/example.com /chroot/home/user1/example.com none defaults,bind 0 0
    >
    > The mount is active, yet running a recursive diff between
    > "/var/www/example.com" and "/chroot/home/user1/example.com" shows numerous
    > differences.
    >
    > Here's "mount" output
    > ------------------
    > /dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
    > proc on /proc type proc (rw)
    > sysfs on /sys type sysfs (rw)
    > devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    > /dev/sda1 on /boot type ext3 (rw)
    > tmpfs on /dev/shm type tmpfs (rw)
    > none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    > /dev/mapper/VolGroup00-lv_chroot on /chroot type ext3 (rw)
    > /var/www/example.com on /chroot/home/user1/example.com type none (rw,bind)
    > /dev/mapper/VolGroup00-lv_var on /var type ext3 (rw)
    >
    > I honestly have no idea how this is possible. Is using "mount -o bind" not
    > the best method to give a chrooted user access to a single directory
    > outside the chroot? Would it be better to leave the web root in the chroot
    > and have Apache (outside chroot) reference that location?

    What kind of differences does the diff show? Missing files, corruption in
    the files, do modifications that you make in one directory not show up in
    the other?

    Regards,
    Dennis
  • James Hogarth at Aug 22, 2011 at 4:15 pm

    On 22 August 2011 20:48, Dennis Jacobfeuerborn wrote:
    > On 08/22/2011 07:01 PM, Trey Dockendorf wrote:
    >> I have a shared web server that users can SSH / SFTP into to access their
    >> web content. Each user's home directory is in a change root, and I use
    >> "mount -o bind" to put their respective webpage's document root into their
    >> home directory. Recently I was made aware that the contents of the mount's
    >> source are not the same as the mount point's, which I don't see how that is
    >> possible.
    >>
    >> The file system is 3 virtual disks...each part of the same volume group. I
    >> have three LVMs, "/" , "/chroot" , and "/var".
    >>
    >> Here's the entry in /etc/fstab...
    >>
    >> /var/www/example.com /chroot/home/user1/example.com none defaults,bind 0 0
    >>
    >> The mount is active, yet running a recursive diff between
    >> "/var/www/example.com" and "/chroot/home/user1/example.com" shows numerous
    >> differences.

    This is a bit of a shot in the dark perhaps, but in which order did the
    bind mount and the last httpd restart happen? Is it possible that httpd
    has a file handle to the inode where the underlying directory for the
    place being mounted to rather than the directory that is being bound?
    If you unmount the binding do you see any files there? Which location
    has the most recent files? These are the questions that first come to
    my mind for troubleshooting purposes.
  • Trey Dockendorf at Aug 22, 2011 at 6:27 pm

    On Mon, Aug 22, 2011 at 3:15 PM, James Hogarth wrote:
    > On 22 August 2011 20:48, Dennis Jacobfeuerborn wrote:
    >> On 08/22/2011 07:01 PM, Trey Dockendorf wrote:
    >>> I have a shared web server that users can SSH / SFTP into to access their
    >>> web content. Each user's home directory is in a change root, and I use
    >>> "mount -o bind" to put their respective webpage's document root into their
    >>> home directory. Recently I was made aware that the contents of the mount's
    >>> source are not the same as the mount point's, which I don't see how that is
    >>> possible.
    >>>
    >>> The file system is 3 virtual disks...each part of the same volume group. I
    >>> have three LVMs, "/" , "/chroot" , and "/var".
    >>>
    >>> Here's the entry in /etc/fstab...
    >>>
    >>> /var/www/example.com /chroot/home/user1/example.com none defaults,bind 0 0
    >>>
    >>> The mount is active, yet running a recursive diff between
    >>> "/var/www/example.com" and "/chroot/home/user1/example.com" shows numerous
    >>> differences.
    >
    > This is a bit of a shot in the dark perhaps, but in which order did the
    > bind mount and the last httpd restart happen? Is it possible that httpd
    > has a file handle to the inode where the underlying directory for the
    > place being mounted to rather than the directory that is being bound?
    > If you unmount the binding do you see any files there? Which location
    > has the most recent files? These are the questions that first come to
    > my mind for troubleshooting purposes.

    @Dennis,

    The differences were basically any changes made by the user, but for how
    long I'm unsure. It was reported today but that could be that he wasn't
    using the files until today. The differences between the mount point
    and source were a wide range of things from small file changes or entire
    directories...nothing corrupt, but it seemed like there was a point in which
    changes made to the mount point (within the chroot) no longer appeared at
    the mount source.

    @James

    When I unmounted the directory there were indeed files in the mount point's
    folder. It seemed that the mount point (in chroot) was the only thing
    affected by changes, not the source (out of chroot). I don't understand the
    question about httpd and the file handle inode. Could you explain?

    What was strange (and maybe this is expected while still mounted), rsync did
    not have an effect when run in an attempt to update the source with the
    mount point. I ended up having to restore from last night's backup to
    resolve this, but am extremely puzzled as to why this happened, and a bit
    worried as this was going to be my new method for allowing access to hosted
    web services via SSH / SFTP.

    Thanks
    - Trey
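
The "mount" output in the original post lists the bind mount ahead of the /var filesystem that holds its source, and a bind mount attaches whatever directory the source path resolved to at the moment it was made. The following is an added example, not part of the thread: it flags that ordering in "mount" output of the format shown above and compares device/inode numbers of two paths. The function names and the trimmed sample are constructed here.

```python
import os

# Constructed sample: the relevant lines of the "mount" output from the original post.
SAMPLE_MOUNT_OUTPUT = """\
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
/dev/mapper/VolGroup00-lv_chroot on /chroot type ext3 (rw)
/var/www/example.com on /chroot/home/user1/example.com type none (rw,bind)
/dev/mapper/VolGroup00-lv_var on /var type ext3 (rw)
"""

def parse_mount_output(text):
    """Return (source, target, fstype, options) tuples in mount order."""
    entries = []
    for line in text.splitlines():
        if " on " not in line or " type " not in line:
            continue
        source, rest = line.split(" on ", 1)
        target, rest = rest.rsplit(" type ", 1)
        fstype, _, opts = rest.partition(" ")
        entries.append((source, target, fstype, opts.strip("()").split(",")))
    return entries

def is_under(path, parent):
    """True when path equals parent or lies beneath it."""
    parent = parent.rstrip("/") or "/"
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def stale_bind_candidates(entries):
    """Bind mounts whose source path lies under a filesystem mounted later."""
    flagged = []
    for i, (source, target, _fstype, opts) in enumerate(entries):
        if "bind" not in opts:
            continue
        for _src, later_target, _type, _opts in entries[i + 1:]:
            if is_under(source, later_target):
                flagged.append((source, target, later_target))
    return flagged

def same_directory(a, b):
    """True when both paths resolve to the same inode on the same device."""
    sa, sb = os.stat(a), os.stat(b)
    return (sa.st_dev, sa.st_ino) == (sb.st_dev, sb.st_ino)

if __name__ == "__main__":
    for src, tgt, later in stale_bind_candidates(parse_mount_output(SAMPLE_MOUNT_OUTPUT)):
        print(f"{tgt}: bound from {src} before {later} was mounted")
```

On a live system, same_directory("/var/www/example.com", "/chroot/home/user1/example.com") returning False while the bind mount is listed means the two paths are not the same directory.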