You are not logged in.

#1 2013-11-07 17:23:37

From: disabled
Registered: 2006-03-31
Posts: 285

many chroots + mount --bind dilemma

Hi there,

I'm setting up what could best be described as a service hosting platform (like mail, webs, etc.) and I need to build it on top of domains as the centre of the universe, not the "clients" (it's not a profit-oriented platform).

Given this I have a service structure like this: /srv/domains/[domain]/[service]  (such as /srv/domains/{xmpp,http,...})

And of course I need these to be accessible by users (aka "clients") but I can't really give them exclusive access to domain data via UGO/ACL due to some platform limitations/requirements I have yet to deal with (see below)  so I decided to put clients in jails/chroot in their home directory, which is /home/clients/[client].

A client can have multiple domains under his administration as well as one domain can be administered by multiple clients. Clients will have, among other things, ssh access to this chrooted environment and I need them to have access to all the domain data from the jail. Hardlinking would be an elegant yet very impractical solution since we can't link directories safely. I decided to use mount bind, i.e.

mount -o bind /srv/domains/[domain] /home/clients/[client]/domains/[domain]

My dilemma is that I always considered mount bind being an "ugly hack". Were talking tens of clients and hundreds of domains here so there are possibly even thousands of mound binds involved. Is this a good idea? Is there an alternative approach? What do you think?



Last edited by mr.MikyMaus (2013-11-08 10:48:37)

What happened to Arch's KISS? systemd sure is stupid but I must have missed the simple part ...

... and who is general Failure and why is he reading my harddisk?


Board footer

Powered by FluxBB