Trey Dockendorf
2011-Aug-22 17:01 UTC
[CentOS] Mount --bind source / mountpoint out of sync
I have a shared web server that users can SSH / SFTP into to access their web content. Each user's home directory is in a change root, and I use "mount -o bind" to put their respective webpage's document root into their home directory. Recently I was made aware that the contents of the mount's source are not the same as the mount point's, which I don't see how that is possible.

The file system is 3 virtual disks...each part of the same volume group. I have three LVMs, "/" , "/chroot" , and "/var".

Here's the entry in /etc/fstab...

/var/www/example.com /chroot/home/user1/example.com none defaults,bind 0 0

The mount is active, yet running a recursive diff between "/var/www/example.com" and "/chroot/home/user1/example.com" shows numerous differences.

Here's "mount" output
------------------
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/mapper/VolGroup00-lv_chroot on /chroot type ext3 (rw)
/var/www/example.com on /chroot/home/user1/example.com type none (rw,bind)
/dev/mapper/VolGroup00-lv_var on /var type ext3 (rw)

I honestly have no idea how this is possible. Is using "mount -o bind" not the best method to give a chrooted user access to a single directory outside the chroot? Would it be better to leave the web root in the chroot and have Apache (outside chroot) reference that location?

Thanks
- Trey
Dennis Jacobfeuerborn
2011-Aug-22 19:48 UTC
[CentOS] Mount --bind source / mountpoint out of sync
On 08/22/2011 07:01 PM, Trey Dockendorf wrote:
> I have a shared web server that users can SSH / SFTP into to access their
> web content. Each user's home directory is in a change root, and I use
> "mount -o bind" to put their respective webpage's document root into their
> home directory. Recently I was made aware that the contents of the mount's
> source are not the same as the mount point's, which I don't see how that is
> possible.
>
> The file system is 3 virtual disks...each part of the same volume group. I
> have three LVMs, "/" , "/chroot" , and "/var".
>
> Here's the entry in /etc/fstab...
>
> /var/www/example.com /chroot/home/user1/example.com none defaults,bind 0 0
>
> The mount is active, yet running a recursive diff between
> "/var/www/example.com" and "/chroot/home/user1/example.com" shows numerous
> differences.
>
> Here's "mount" output
> ------------------
> /dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
> proc on /proc type proc (rw)
> sysfs on /sys type sysfs (rw)
> devpts on /dev/pts type devpts (rw,gid=5,mode=620)
> /dev/sda1 on /boot type ext3 (rw)
> tmpfs on /dev/shm type tmpfs (rw)
> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
> /dev/mapper/VolGroup00-lv_chroot on /chroot type ext3 (rw)
> /var/www/example.com on /chroot/home/user1/example.com type none (rw,bind)
> /dev/mapper/VolGroup00-lv_var on /var type ext3 (rw)
>
> I honestly have no idea how this is possible. Is using "mount -o bind" not
> the best method to give a chrooted user access to a single directory
> outside the chroot? Would it be better to leave the web root in the chroot
> and have Apache (outside chroot) reference that location?

What kind of differences does the diff show? Missing files, corruption in the files, do modifications that you make in one directory not show up in the other?

Regards,
Dennis
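
An added check, not part of either post: for a working bind mount, the mount point and its source report the same device and inode, so a mismatch means the two paths are different directories (this can happen when a filesystem is mounted over the source path after the bind was made). The function names are this example's own, and it assumes GNU stat.

```shell
# Added example: verify that the bind entries in an fstab-format file still
# expose the same directory as their source.
# Usage (after sourcing this file): check_bind_entries /etc/fstab

# Print "device:inode" for a directory. The trailing "/." resolves the
# directory itself, including whatever is currently mounted on it.
dir_id() {
    stat -c '%d:%i' -- "$1/." 2>/dev/null
}

# Return 0 if both paths are the same directory, 1 if they differ,
# 2 if either path cannot be examined.
same_dir() {
    local src_id dst_id
    src_id=$(dir_id "$1") || return 2
    dst_id=$(dir_id "$2") || return 2
    [ "$src_id" = "$dst_id" ]
}

# Read fstab-format lines from file $1 and check every entry whose options
# include "bind" or "rbind". Prints one status line per entry and returns
# the number of entries that are not in sync.
check_bind_entries() {
    local fstab=$1 bad=0 status src dst fstype opts rest
    while read -r src dst fstype opts rest; do
        case $src in ''|'#'*) continue ;; esac            # blank or comment
        case ",$opts," in *,bind,*|*,rbind,*) ;; *) continue ;; esac
        if same_dir "$src" "$dst"; then status=0; else status=$?; fi
        case $status in
            0) echo "OK       $src -> $dst" ;;
            1) echo "MISMATCH $src -> $dst"; bad=$((bad + 1)) ;;
            *) echo "MISSING  $src -> $dst"; bad=$((bad + 1)) ;;
        esac
    done < "$fstab"
    return "$bad"
}
```

A MISMATCH line for an entry that "mount" still lists as active means the mount point is bound to a different directory than the one the source path currently resolves to.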