Howto log multiple sftpd instances with their chroot shared via NFS
David Newall
openssh at davidnewall.com
Thu Sep 30 02:48:40 AEST 2021

Hi Hildegard,

On 30/9/21 1:01 am, Hildegard Meier wrote:
> Thanks David,
>
> I think you describe the problem correctly, and your approach could work, but unfortunately it would be a way too complicated mess.
>
> As I had written in my summary
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2021-September/039677.html
>
> "Since we have 800 users, it would be impractical unrobust to use user-specific (e.g. bind) mounts (e.g. 800 bind-over-mounts). To keep it simple, clear and coherent, all user's homes must be on the same one singular NFS-Share."

I may have explained myself poorly. No bind mount is required. You need
one NFS mount over /var/data/chroot/home (yielding /home/<user> for all
possible users), and one dynamic mount of the user's home directory when
they log in. (Dynamically mounting users' home directories is quite common
and is handled by automount.)

I might also have misunderstood your desire to automount home
directories. Perhaps you don't want to do that, and have all user home
directories on the one NFS share, mounted over /var/data/chroot/home.
If so, great, that's all you need: create /var/data/chroot (a local
directory containing dev, home and lib directories, as well as the ssh-server
executable) and NFS mount the share containing all of your user
directories over /var/data/chroot/home.

If I've still not got it right, you might explain to me what is
complicated so that I can better understand.

Regards,
David