Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS
Douglas E Engert
deengert at gmail.com
Sat Sep 25 07:24:57 AEST 2021
On 9/24/2021 10:11 AM, Thorsten Glaser wrote:
> On Fri, 24 Sep 2021, Hildegard Meier wrote:
>
>> It would not be possible to have a Symlink
>> /var/data/chroot/<username>/dev/log -> /var/data/chroot/<username>/dev/hostname2/log
Correct that is not needed.
It looks like the server has a line:
source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/log" optional(yes) ); };
It is not clear if this is created ahead of time or on the fly when the NFS volume is mounted
or for each possible user to create a unix-stream socket in NFS.
What I was proposing is each of the two servers has it own /var/data/chroot/<username>/dev/hostnameX.log
What is not clear is when running in chroot, when an application does
an openlog, syslog or vsyslog are these system calls, or library calls.
i.e. do the read any configuration from the chroot directory?
I think it expects to find /dev/log in the chroot directory and this name
matches what is in the real root directory. So I was proposing
that each sftpd server has a different /dev/hostname.log so a user
could be on both of the servers at the same time.
Hildegard said these are Ubuntu servers, and Ubuntu uses rsyslogd that looks
similar to syslog-ng.
Google'ing for: rsyslog chroot /dev/log
These look interesting.
https://www.the-art-of-web.com/system/sftp-logging-chroot/
https://serverfault.com/questions/878627/logging-chrooted-sftp-user-activity
>>
>> since /var/data/chroot/<username>/dev/log is already a Symlink to
>> /var/data/chroot/<username>/dev/hostname1/log (see first step), and it
>> is the same NFS filesystem.
>
> Not sure I understand the entire situation, but can’t you make
> /var/data/chroot/<username>/dev/log a regular file (on the NFS
> mount) then bind-mount (see my earlier mail) /dev/log from the
> host over it?
Is this what you are trying to do?
https://serverfault.com/questions/878627/logging-chrooted-sftp-user-activity
Instead, use input(type="imuxsock" Socket="/opt/bindmount/dev/log") to create an additional
socket (which you can then bind-mount such that all chroots see it at /dev/log).
>
> bye,
> //mirabilos
>
--
Douglas E. Engert <DEEngert at gmail.com>
More information about the openssh-unix-dev
mailing list