Howto log multiple sftpd instances with their chroot shared via NFS
Peter Stuge
peter at stuge.se
Mon Sep 27 06:20:29 AEST 2021
Jochen Bern wrote:
> OK. This is a behavior I see (and use) on a CentOS SFTP server, but I
> have no idea how portable it is to other distribs, so just give it a try:
>
> > # egrep '^[^#]*( mand|sftp)' /etc/ssh/sshd_config
> > Subsystem sftp internal-sftp
> > Match group mandanten
> > ForceCommand internal-sftp -l INFO -u 0077
>
>
> > # ls -al ~lvinq4/dev
> > insgesamt 0
> > drwx--x---. 2 root mandanten 6 20. Mai 17:25 .
> > drwxr-x---. 5 root mandanten 54 24. Aug 15:38 ..
>
> As you can see, the chroots have an *empty* /dev subdir, but logging
> *still works*, apparently because the chrooted process just keeps using
> the system-central /dev/log it opened *before* chroot()ing.
I think that works specifically because *no* new process is created
when using internal-sftp as opposed to executing the sftp-server binary.
If syslog-ng can be made to reliably route internal-sftp messages to
user-specific log files then this approach would work well in Hildegard's
setup and would be a lot more pleasant than messing with LD_PRELOAD.
//Peter
More information about the openssh-unix-dev
mailing list