Hi, I have been playing around with mod_chroot for a few weeks;
everything works fine with the exception of symlinks to folders
outside the jail. This issue does not seem to be specific to
mod_chroot, but with chrooting in general.
[...]
I have a few questions:

1. Does creating a symlink to a folder outside the jail, and have a
non-root user access it, defeat the purpose of creating the jail? Why?

Creating a symlink to a folder outside the jail simply doesn't work.
Once inside a jail, a process cannot access anything outside the jail -
this also applies to symlinks.

You could create a normal (or so-called hard) link, which would work,
but it's against the idea of chroot(); we're trying to restrict Apache
to a certain directory.

2. Is there a solution/work-around for the above scenario?

If you're on Linux, mount -o bind might do the trick. I think there is a
similar thing under FreeBSD.

regards,
--
Marek Gutkowski
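
An added example, not part of the original message: a small Python model of how a chrooted process looks up a path, showing why a symlink whose target lies outside the jail dangles once the jail is entered. The directory layout and the names `resolve_in_jail`, `abs_out`, `rel_out` and `inside` are constructed for illustration; the sketch needs no root privileges because it only models the lookup rather than calling chroot().

```python
import os
import tempfile

def resolve_in_jail(jail, path, max_links=40):
    """Return the host path that `path` reaches for a process chrooted into
    `jail`, or None if it does not exist from inside the jail."""
    jail = os.path.realpath(jail)
    pending = [p for p in path.split("/") if p]  # components still to walk
    current = []                                 # resolved so far, relative to jail
    links = 0
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":
            if current:                          # ".." at the jail root stays put
                current.pop()
            continue
        host = os.path.join(jail, *current, part)
        if os.path.islink(host):
            links += 1
            if links > max_links:                # symlink loop
                return None
            target = os.readlink(host)
            if target.startswith("/"):           # absolute target: "/" is the jail
                current = []
            pending = [p for p in target.split("/") if p] + pending
        elif os.path.lexists(host):
            current.append(part)
        else:
            return None
    return os.path.join(jail, *current)

def demo():
    """Constructed layout: a jail with three symlinks, one directory outside it."""
    top = os.path.realpath(tempfile.mkdtemp())
    jail = os.path.join(top, "jail")
    os.makedirs(os.path.join(top, "outside", "data"))
    os.makedirs(os.path.join(jail, "htdocs", "real"))
    os.symlink(os.path.join(top, "outside", "data"), os.path.join(jail, "htdocs", "abs_out"))
    os.symlink("../../outside/data", os.path.join(jail, "htdocs", "rel_out"))
    os.symlink("/htdocs/real", os.path.join(jail, "htdocs", "inside"))
    names = ("abs_out", "rel_out", "inside")
    return jail, {n: resolve_in_jail(jail, "/htdocs/" + n) for n in names}

if __name__ == "__main__":
    for name, hit in demo()[1].items():
        print(name, "->", hit or "dangling inside the jail")
```

Run over a real jail directory before deployment, the same function flags every symlink that will stop resolving after chroot(), which is the list of paths that would need a bind mount instead.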