HOWTO: Share multiple folders with multiple ftp users in linux

So, you are running an FTP server and are trying to share some folders outside of user's home path with multiple users? Well, there are couple of ways you can go about this problem:
1) Do no chroot users to their own folders and create a link that points to folders you are trying to share
2) Chroot each user to his/her own home folder and create a link for every file/folder you are trying to share
3) Chroot each user to his/her own home folder and mount folder you are trying to share inside user's home folder

Now, let's analyze each way.
Approach #1 is probably not very desirable as it is not very secure. Unless you are chrooting your users to their home folders, users could potentially have access to any folder on your hard drive if your permissions are not configured correctly.
Approach #2 is good from security perspective, but bad from sharing perspective. If you have various users with various overlapping groups, it could be difficult to properly configure access rights to shared folders. Also, it could potentially be a nightmare to create a link to every file/folder you are trying to share.
Finally, the third approach. In my opinion it is the best one as it has all the security benefits and none of the sharing weaknesses of the second approach. I am going to assume that you want to share a folder with some users and do NOT give them any write access to those folders for security reasons. To accomplish this, you need to follow these easy steps:
1) Create mount points in user's home folder for each folder structure you are trying to share
2) Mount the folder that you'd like to share into specified mount points
3) (Optional) If you want your mounts to be persistent, add your mount command into /etc/fstab file

Intrigued? Good! Here's how to do it:
Mount command has a bind mode, which allows you to "remount part of the file hierarchy somewhere else." To make a temporary bind, execute the following commands in your command line:

$ sudo mount --bind /path/to/shared/folder /home/user1/mount/point
$ sudo mount -o remount,ro,bind /home/user1/mount/point

The second command is used to make the mount point read only. This way user1 will not be able to delete any files in that mount. The only problem with these commands is that they mount only the top level folder. To fix this replace all occurrences of bind with rbind like so:

$ sudo mount --rbind /path/to/shared/folder /home/user1/mount/point
$ sudo mount -o remount,ro,rbind /home/user1/mount/point

If you want to make these mounts persistent, edit your /etc/fstab file in the following manner:

/path/to/source/folder    /path/to/mount/point   none   rbind                   0 0
/path/to/source/folder    /path/to/mount/point   none   remount,rbind,ro   0 0

Questions and comments are welcomed!

Comments