[Bug 3662] Provide chrooted sftp users dedicated session log without /dev/log unix socket in users chroot jail (that does not work when chroot jail is shared between multiple sftp servers e.g. via NFS)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Feb 14 00:45:20 AEDT 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3662

--- Comment #11 from Miranda <daku8938 at gmx.de> ---
(In reply to Damien Miller from comment #3)
> you shouldn't need a /dev/log socket with internal-sftp, it logs via
> the privileged monitor sshd process that runs without chroot

It would be a solution for the chroot log device problem to use the
log from the privileged monitor sshd process that you mention here, but
only if each sftp user's session log line has a uniquely identifiable log
line prefix.

My suggestion for a solution:
Change the current log prefix

" internal-sftp[<PID>]: "

to

" internal-sftp[<PID>][<username>]: "

E.g. change
" internal-sftp[12345]: "
to
" internal-sftp[12345][myusername]: "

E.g. here is an example of a session with file upload:

Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: session opened for local user myuser from [10.7.2.100]
Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: open "/file.txt" flags WRITE,CREATE,TRUNCATE mode 0644
Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: close "/file.txt" bytes read 0 written 44
Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: session closed for local user myuser from [10.7.2.100]

With that it would be possible to reliably filter out the session log
lines for each sftp user.

Please check and comment if this could be a solution for you.
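Added example (not part of the comment above and not OpenSSH code): a small Python filter over constructed syslog lines that splits internal-sftp messages per user using the proposed `internal-sftp[<PID>][<username>]:` prefix, and, for lines in the current `internal-sftp[<PID>]:` form, falls back to correlating the PID with the user named in the `session opened for local user` line. The fallback correlation, the host, the second user and the file names are my own assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines: four in the proposed prefix form
# internal-sftp[<PID>][<username>]: and two in the current pid-only form.
SAMPLE_LOG = """\
Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: session opened for local user myuser from [10.7.2.100]
Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: open "/file.txt" flags WRITE,CREATE,TRUNCATE mode 0644
Feb 13 14:37:31 10.1.2.3 internal-sftp[16070]: session opened for local user otheruser from [10.7.2.101]
Feb 13 14:37:31 10.1.2.3 internal-sftp[16070]: open "/report.csv" flags READ mode 0644
Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: close "/file.txt" bytes read 0 written 44
Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: session closed for local user myuser from [10.7.2.100]
"""

# Syslog timestamp, host, then the internal-sftp prefix with an optional [user] field.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"internal-sftp\[(?P<pid>\d+)\](?:\[(?P<user>[^\]]+)\])?: (?P<msg>.*)$"
)
OPENED_RE = re.compile(r"^session opened for local user (?P<user>\S+) from ")

def parse_line(line):
    """Split one line into ts/host/pid/user/msg; user is None in the current format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def sessions_by_user(log_text):
    """Group sftp messages per user. Lines carrying the proposed [user] field are
    attributed directly; pid-only lines are attributed by remembering which user
    the 'session opened' line for that (host, pid) named, until 'session closed'."""
    pid_user = {}              # (host, pid) -> user learned from 'session opened'
    out = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue           # not an internal-sftp line
        key = (rec["host"], rec["pid"])
        user = rec["user"]
        if user is None:       # current format: fall back to pid correlation
            m = OPENED_RE.match(rec["msg"])
            if m:
                pid_user[key] = m.group("user")
            user = pid_user.get(key, "<unattributed>")
        out[user].append(rec["msg"])
        if rec["msg"].startswith("session closed"):
            pid_user.pop(key, None)   # pids get reused, so forget the mapping
    return dict(out)
```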
