Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS

Hildegard Meier daku8938 at gmx.de
Wed Sep 29 19:54:58 AEST 2021


> From: "Douglas E Engert" <deengert at gmail.com>
> You already have 800 NFS volumes and they are all mounted on each server.
> (This is based on the syslog-ng configure which creates a unix-stream in every volume when started.)

I guess you have misunderstood this. /var/data/chroot/ is only exactly _one_ NFS volume, which is simply mounted once.
All the sftp users' chroot directories are under that NFS mount.
There are only 800 sftp config objects, each reads the /dev/log of each sftp user (/var/data/chroot/<username>/dev/log).

The directory structure is like this (for the user sftp_nagios):

drwxr-x---+    6 root        sftp_nagios    6 Sep 28 17:09 .
drwxr-xr-x+ 1143 root        root        1145 Sep 23 15:07 ..
drwxr-x---+    2 root        sftp_nagios    3 Sep 29 11:26 dev
drwxr-xr-x+    2 root        root           3 Oct 31  2014 etc
dr-xr-x---+    3 root        sftp_nagios    3 Sep 10 09:19 in
dr-x------+    2 sftp_nagios sftp_nagios    3 Sep 10 09:59 .ssh

ls -al /var/data/chroot/sftp_nagios/dev
total 4
drwxr-x---+ 2 root sftp_nagios 3 Sep 29 11:26 .
drwxr-x---+ 6 root sftp_nagios 6 Sep 28 17:09 ..
srw-rw-rw-+ 1 root root        0 Sep 29 11:26 log

ls -al /var/data/chroot/sftp_nagios/etc/
total 6
drwxr-xr-x+ 2 root root           3 Oct 31  2014 .
drwxr-x---+ 6 root sftp_nagios    6 Sep 28 17:09 ..
-rw-r--r--+ 1 root root        2309 Oct 31  2014 localtime

ls -al /var/data/chroot/sftp_nagios/in/test/
total 5
dr-xr-x---+ 3 root        sftp_nagios 3 Sep 10 09:21 .
dr-xr-x---+ 3 root        sftp_nagios 3 Sep 10 09:19 ..
drwxrwx---  2 sftp_nagios sftp_nagios 5 Sep 21 16:47 nagios

(nagios does test uploads to its chrooted dir /in/test/nagios/)

ls -al /var/data/chroot/sftp_nagios/.ssh/
total 4
dr-x------+ 2 sftp_nagios sftp_nagios   3 Sep 10 09:59 .
drwxr-x---+ 6 root        sftp_nagios   6 Sep 28 17:09 ..
-r--r-----+ 1 root        sftp_nagios 401 Sep 10 09:30 authorized_keys

(this is for public key auth; in the future this shall be moved out of the user's chroot dir structure, as it is unwanted that the users can change/view that file)

