Can not capture internal-sftp process log in syslog

Raghu Udupa rudupa at easylink.com
Wed May 9 06:15:03 EST 2012 

Thanks Darren.

I captured the strace. I am getting the error "Too many levels of symbolic links" while trying to connect to /dev/log

connect(7, {sa_family=AF_FILE, path="/dev/log"}, 16) = -1 ELOOP (Too many levels of symbolic links)
close(7)                                = 0

my chrooted dir is /sftp/sftptest
/dev/log is linked to /sftp/sftptest/dev/log

Here is the detailed strace

close(5) = 0
getuid32()              = 0
setgid32(50) = 0
open("/proc/sys/kernel/ngroups_max", O_RDONLY) = 5
read(5, "65536\n", 31)                  = 6
close(5)                                = 0
open("/etc/group", O_RDONLY)            = 5
fcntl64(5, F_GETFD)                     = 0
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=670, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f29000
_llseek(5, 0, [0], SEEK_CUR)            = 0
read(5, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 670
read(5, "", 4096)                       = 0
close(5)                                = 0
munmap(0xb7f29000, 4096)                = 0
setgroups32(1, [50])                    = 0
stat64("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat64("/sftp/", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
stat64("/sftp/sftptest", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
chdir("/sftp/sftptest")                 = 0
chroot("/sftp/sftptest")                = 0
chdir("/")                              = 0
time(NULL)                              = 1336507416
stat64("/etc/localtime", 0xbfef6420)    = -1 ENOENT (No such file or directory)
open("/etc/localtime", O_RDONLY)        = -1 ENOENT (No such file or directory)
open("/etc/localtime", O_RDONLY)        = -1 ENOENT (No such file or directory)
open("/etc/localtime", O_RDONLY)        = -1 ENOENT (No such file or directory)
socket(PF_FILE, SOCK_DGRAM, 0)          = 5
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
connect(5, {sa_family=AF_FILE, path="/dev/log"}, 16) = -1 ELOOP (Too many levels of symbolic links)
close(5)                                = 0
getuid32()                              = 0
getgid32()                              = 50
time(NULL)                              = 1336507416

-----Original Message-----
From: Darren Tucker [mailto:dtucker at zip.com.au] 
Sent: Monday, May 07, 2012 11:16 PM
To: Raghu Udupa
Cc: 'openssh-unix-dev at mindrot.org'
Subject: Re: Can not capture internal-sftp process log in syslog

On Mon, May 07, 2012 at 07:32:39PM +0000, Raghu Udupa wrote:
> I am trying to use internal-sftp to limit sftp only access to a set of users.
[...]
> SYSLOGD_OPTIONS="-m 0 -a /sftp/sftp.log.socket"

the code in syslog(3) is probably trying to open /dev/log within the
chroot.  Try -a /sftp/dev/log, and if that fails try strace'ing the sshd
process to see where it's looking.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list