[patch] postauth processes to log via monitor

Petr Lautrbach plautrba at redhat.com
Tue Dec 2 02:40:03 EST 2014

On 10/01/2014 03:33 PM, Petr Lautrbach wrote:
> Hi,
> there is a long standing problem with logging in chroots. Especially,
> when you use %u in ChrootDirectory, it is nearly impossible to have
> /dev/log in every possible chroot for all users.
> It seems to be important mainly for sftp-internal session which are
> simply configurable to be chrooted and where admins would like to log
> sftp session commands.
> I have put together a patch which introduces a new configuration option
> LogViaMonitor. When this option is 'yes', then postauth unprivileged
> processes log via their monitor process instead of via standard channels
> (syslog, stderr).
> I've removed closefrom() from close_child_fds() in order not to close
> m_log_send_fd socket before sftp_server_main() is called. And I've put
> it to a part of code where it's clear that there will be exec().
> I'd appreciate any comment or suggestion.


Do you have any comments, objections or hints?


Petr Lautrbach

More information about the openssh-unix-dev mailing list