Howto log multiple sftpd instances with their chroot shared via NFS

David Newall openssh at
Fri Oct 1 16:32:29 AEST 2021

Hi Hildegard,

On 1/10/21 2:44 pm, Hildegard Meier wrote:
> mount --bind/var/data/dev/<username>/var/data/chroot/<username>/dev
> so/var/data/chroot/<username>/dev is now effectively local on the sftp server, not anymore on nfs mount.

That's not right.  This doesn't magically turn an NFS mount into a local 
mount.  If /var/data/chroot/<username>/dev is NFS mounted, 
/var/data/dev/<username> is also NFS mounted.

I believe I explained what you need to do but for some reason you didn't 
like it, and when I asked why, you never replied.

To repeat myself:

1. Create /var/data/chroot/dev, /var/data/chroot/home and 
/var/data/chroot/lib on both machines.

2. Configure your syslog daemon to read from /var/data/chroot/dev/log.

3. Configure SSH to chroot for the SFTP users to /var/data/chroot.

4. Mount your current NFS share which contains all 800 user directories 
over /var/data/chroot/home.

For extra points, instead of step 4, although I think is the bit you 
didn't like, while at the same time I think is the bit that you said you 
really want, so there's cognitive dissonance for you:

4. Mount a NFS share which contains empty directories for all 800 users 
over /var/data/chroot/home.

5. When a user logs in use automount to NSF mount their home directory 
over /var/data/chroot/home/<username>.

This is not hard.



More information about the openssh-unix-dev mailing list