[Bug 3662] Provide chrooted sftp users dedicated session log without /dev/log unix socket in users chroot jail (that does not work when chroot jail is shared between multiple sftp servers e.g. via NFS)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Feb 7 01:39:34 AEDT 2024 

https://bugzilla.mindrot.org/show_bug.cgi?id=3662

Miranda <daku8938 at gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Enhance sftp-server with a  |Provide chrooted sftp users
                   |parameter to customize the  |dedicated session log
                   |name of the log device      |without /dev/log unix
                   |(currently fix /dev/log)    |socket in users chroot jail
                   |                            |(that does not work when
                   |                            |chroot jail is shared
                   |                            |between multiple sftp
                   |                            |servers e.g. via NFS)

--- Comment #8 from Miranda <daku8938 at gmx.de> ---
@Damien Very sad that the fix /dev/log name is burried so deep in the
code.

An alternative minimal-invasive solution would be to to allow to follow
symlink if /dev/log in user's chroot jail is a symlink to a local file.

Give the /usr/lib/sftp-server program a new parameter

-L <0=do not allow to follow /dev/log if it's a symlink out of jail
(default) | 1=follow if /dev/log is a symlink out of jail>

(so, this would be the same concept as now with the bind mount, only to
be a symlink, so the performance and scaling problem would be solved)

In my case that would be the symlink:

/var/data/chroot/<username>/dev/log -> /var/data/dev/<username>


Best way I could imagine would be to provide /usr/lib/sftp-server
program a new parameter

-L <user log file wit %u being username macro>

e.g. so one could set

"ForceCommand internal-sftp -L /var/log/sftp/%u.log"

I can understand that it is not easy for you to change something here,
but please also understand that we need a solution. It seems like we
are a really rare user that operates OpenSSH SFTP as a HA cluster
having the user's chroot shared via NFS, and therefore the user logging
with exclusive lock on /dev/log in chroot does not work. Otherwise this
isse must have been reportet already long time ago.

Any solution welcome, if we could only have one. Thanks

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list