Re: Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS

On 9/24/2021 10:11 AM, Thorsten Glaser wrote:
> On Fri, 24 Sep 2021, Hildegard Meier wrote:
>
>> It would not be possible to have a Symlink
>> /var/data/chroot/<username>/dev/log -> /var/data/chroot/<username>/dev/hostname2/log

Correct, that is not needed.
It looks like the server has a line:
source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/log" optional(yes) ); };

It is not clear if this is created ahead of time or on the fly when the NFS volume is mounted
or for each possible user to create a unix-stream socket in NFS.


What I was proposing is each of the two servers has its own /var/data/chroot/<username>/dev/hostnameX.log
What is not clear is when running in chroot, when an application does
an openlog, syslog or vsyslog, are these system calls or library calls?
i.e. do they read any configuration from the chroot directory?

I think it expects to find /dev/log in the chroot directory and this name
matches what is in the real root directory. So I was proposing
that each sftpd server has a different /dev/hostname.log so a user
could be on both of the servers at the same time.

Hildegard said these are Ubuntu servers, and Ubuntu uses rsyslogd that looks
similar to syslog-ng.

Googling for: rsyslog chroot /dev/log

These look interesting.

https://www.the-art-of-web.com/system/sftp-logging-chroot/
https://serverfault.com/questions/878627/logging-chrooted-sftp-user-activity




>> since /var/data/chroot/<username>/dev/log is already a Symlink to
>> /var/data/chroot/<username>/dev/hostname1/log (see first step), and it
>> is the same NFS filesystem.
>
> Not sure I understand the entire situation, but can’t you make
> /var/data/chroot/<username>/dev/log a regular file (on the NFS
> mount) then bind-mount (see my earlier mail) /dev/log from the
> host over it?

Is this what you are trying to do?
https://serverfault.com/questions/878627/logging-chrooted-sftp-user-activity

Instead, use input(type="imuxsock" Socket="/opt/bindmount/dev/log") to create an additional
socket (which you can then bind-mount such that all chroots see it at /dev/log).


> bye,
> //mirabilos


--

 Douglas E. Engert  <DEEngert@xxxxxxxxx>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
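
Added example, not part of the original message and not OpenSSH or rsyslog code: on the question above of whether syslog() is a system call, glibc's syslog(3) is a library routine that writes each message as a datagram to the Unix socket at the fixed path /dev/log and reads no configuration file, so inside a chroot the only requirement is a socket at that path with the host's log daemon listening on it. The Python sketch below mimics that exchange with a temporary directory standing in for the chroot; the function names and the sample log line are constructed for illustration.

```python
import os
import socket
import tempfile

LOG_AUTH, LOG_INFO = 4, 6  # syslog facility and severity numbers
# Constructed sample line, shaped like an sftp-server log entry.
SAMPLE = "sftp-server[1234]: session opened for local user alice from [192.0.2.10]"

def send_like_syslog(root, facility, severity, text):
    """Mimic syslog(3): send one datagram to <root>/dev/log, nothing else."""
    path = os.path.join(root, "dev", "log")
    pri = facility * 8 + severity  # priority value carried as "<PRI>"
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as client:
        try:
            client.connect(path)
        except (FileNotFoundError, ConnectionRefusedError):
            return False  # no listening socket: the message is lost
        client.send(f"<{pri}>{text}".encode())
        return True

def parse_pri(datagram):
    """Split '<PRI>text' into (facility, severity, text) as a log daemon would."""
    head, _, rest = datagram.decode().partition(">")
    pri = int(head.lstrip("<"))
    return pri // 8, pri % 8, rest

def demo():
    with tempfile.TemporaryDirectory() as root:  # stand-in for the chroot
        os.mkdir(os.path.join(root, "dev"))
        # 1. No socket in the chroot yet: logging from inside goes nowhere.
        lost = send_like_syslog(root, LOG_AUTH, LOG_INFO, SAMPLE)
        # 2. The log daemon (outside the chroot) binds a socket at <chroot>/dev/log.
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as daemon:
            daemon.bind(os.path.join(root, "dev", "log"))
            daemon.settimeout(2)
            sent = send_like_syslog(root, LOG_AUTH, LOG_INFO, SAMPLE)
            received = parse_pri(daemon.recv(4096))
        return lost, sent, received

if __name__ == "__main__":
    print(demo())
```
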



