Howto log multiple sftpd instances with their chroot shared via NFS
Thorsten Glaser
t.glaser at tarent.de
Fri Sep 24 22:15:23 AEST 2021
On Fri, 24 Sep 2021, Stuart Henderson wrote:
> This is amongst the reasons why OpenBSD has the sendsyslog(2) syscall,
> https://man.openbsd.org/sendsyslog.2 - the syslog daemon opens a
> kernel socket to receive those messages, and processes which want to
> write a log entry just call the standard syslog functions which use
Oh, nice.
> The description was for /var/data/chroot/<username>/dev/log i.e. each
> user has their own separate chroot. So this type of approach would
> require mounting a local fs of some sort over the top of each user's dir
This made me curious, and I tried¹ this. It is possible to bind-mount
sockets on Linux iff the target exists as regular file.
sudo touch /var/data/chroot/<username>/dev/log # but beware of
# filesystem-based
# attacks here!
sudo mount --bind /dev/log /var/data/chroot/<username>/dev/log
① I went and began using this technology here:
https://github.com/mirabilos/shellsnippets/blob/master/posix/debchroot.sh
bye,
//mirabilos
--
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
****************************************************
/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against Mit dem tarent-Newsletter nichts mehr verpassen:
╳ HTML eMail! Also, https://www.tarent.de/newsletter
╱ ╲ header encryption!
****************************************************
More information about the openssh-unix-dev
mailing list