Howto log multiple sftpd instances with their chroot shared via NFS

Peter Stuge peter at
Mon Sep 27 06:20:29 AEST 2021

Jochen Bern wrote:
> OK. This is a behavior I see (and use) on a CentOS SFTP server, but I 
> have no idea how portable it is to other distribs, so just give it a try:
> > # egrep '^[^#]*( mand|sftp)' /etc/ssh/sshd_config
> > Subsystem       sftp    internal-sftp
> > Match group mandanten
> >         ForceCommand internal-sftp -l INFO -u 0077
> > # ls -al ~lvinq4/dev
> > insgesamt 0
> > drwx--x---. 2 root mandanten  6 20. Mai 17:25 .
> > drwxr-x---. 5 root mandanten 54 24. Aug 15:38 ..
> As you can see, the chroots have an *empty* /dev subdir, but logging 
> *still works*, apparently because the chrooted process just keeps using 
> the system-central /dev/log it opened *before* chroot()ing.

I think that works specifically because *no* new process is created
when using internal-sftp as opposed to executing the sftp-server binary.

If syslog-ng can be made to reliably route internal-sftp messages to
user-specific log files then this approach would work well in Hildegard's
setup and would be a lot more pleasant than messing with LD_PRELOAD.


More information about the openssh-unix-dev mailing list