Howto log multiple sftpd instances with their chroot shared via NFS

Thorsten Glaser t.glaser at
Fri Sep 24 22:15:23 AEST 2021

On Fri, 24 Sep 2021, Stuart Henderson wrote:

> This is amongst the reasons why OpenBSD has the sendsyslog(2) syscall,
> - the syslog daemon opens a
> kernel socket to receive those messages, and processes which want to
> write a log entry just call the standard syslog functions which use

Oh, nice.

> The description was for /var/data/chroot/<username>/dev/log i.e. each
> user has their own separate chroot. So this type of approach would
> require mounting a local fs of some sort over the top of each user's dir

This made me curious, and I tried¹ this. It is possible to bind-mount
sockets on Linux iff the target exists as regular file.

sudo touch /var/data/chroot/<username>/dev/log	# but beware of
						# filesystem-based
						# attacks here!
sudo mount --bind /dev/log /var/data/chroot/<username>/dev/log

① I went and began using this technology here:

Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn •
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against      Mit dem tarent-Newsletter nichts mehr verpassen:
 ╳  HTML eMail! Also,
╱ ╲ header encryption!

More information about the openssh-unix-dev mailing list