Re: Howto log multiple sftpd instances with their chroot shared via NFS

Correction:


On 9/29/2021 8:34 AM, Douglas E Engert wrote:
Thanks for the info on the single NFS volume mount.

Another take on the direct bind mount:


If server1 did:
source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/log_server1" optional(yes) ); };

Then for each user server1 would also do (or have in fstab):
mount --bind /var/data/chroot/<username>/dev/log /var/data/chroot/<username>/dev/log_server1

and server2 did:
source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/log_server1" optional(yes) ); };

Should read:
source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/log_server2" optional(yes) ); };



and also do this:
mount --move /var/data/chroot/<username>/dev/log /var/data/chroot/<username>/dev/log_server2

This would allow each server to have its own /dev/log_host so they would not overwrite each other's,
but when the libc went to write to the chrooted /dev/log, the kernel would write to /dev/log_serverX because
the direct bind is in the host's kernel.



I have not tried this.



On 9/29/2021 3:42 AM, Hildegard Meier wrote:
Hi, I tried now the following:

Add the following line to /etc/fstab:

/var/data/chroot                            /usr/local/sftp_chroot_bind_mount   none    bind                0       2

Then:
mkdir /usr/local/sftp_chroot_bind_mount
mount /usr/local/sftp_chroot_bind_mount

to bind-mount the users' chroot home to /usr/local/sftp_chroot_bind_mount

Then replace in the syslog-ng config:

source s_chroot_<username>    { unix-stream("/var/data/chroot/<username>/dev/log" optional(yes) ); };
with
source s_chroot_<username>    { unix-stream("/usr/local/sftp_chroot_bind_mount/<username>/dev/log" optional(yes) ); };

Restart syslog-ng

That would have been such a simple workaround.
But unfortunately, the problem is not solved with this.
The problem is the same: there is sftp logging only on the sftp server where syslog-ng was restarted last.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



--

 Douglas E. Engert  <DEEngert@xxxxxxxxx>

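A small check for the failure mode both messages describe, added here as an example and not code from either poster: `local_listener()` reports whether the socket file under a chroot is actually bound by a process on this host (a file that exists on the shared filesystem but refuses connections is the symptom of another server's syslog-ng owning it), and `syslog_source()` renders the per-server source line from the correction. The user names and paths are constructed; `demo()` reproduces the stale-socket case in a temporary directory instead of an NFS-shared chroot.

```python
import errno
import os
import socket
import tempfile

CHROOT_BASE = "/var/data/chroot"  # chroot root used throughout the thread


def syslog_source(user, server=None, chroot=CHROOT_BASE):
    """Render one syslog-ng source statement for a user's chroot.

    server=None gives the shared-socket form; a server name gives the
    per-server socket (/dev/log_<server>) that the bind/move mount points
    the chrooted /dev/log at on that host.
    """
    name = "log" if server is None else "log_" + server
    return ('source s_chroot_%s { unix-stream("%s/%s/dev/%s" optional(yes) ); };'
            % (user, chroot, user, name))


def local_listener(path):
    """True only if a process on THIS kernel is bound to the AF_UNIX socket.

    A socket file that exists but refuses connections is the shared-NFS
    symptom: syslog-ng on another server created it and that kernel owns
    the binding, so sftp on this host logs nowhere.
    """
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.connect(path)
        return True
    except OSError as e:
        if e.errno in (errno.ECONNREFUSED, errno.ENOENT):
            return False
        raise
    finally:
        s.close()


def demo():
    """Reproduce the symptom: a live listener, then the same file gone stale."""
    root = tempfile.mkdtemp()            # stands in for /var/data/chroot/<user>
    os.mkdir(os.path.join(root, "dev"))
    log_path = os.path.join(root, "dev", "log")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(log_path)
    srv.listen(1)
    alive = local_listener(log_path)     # syslog-ng "is up" on this kernel
    srv.close()                          # listener gone, socket file stays behind
    stale = local_listener(log_path)     # file present, no local owner
    return alive, stale
```

Run `local_listener()` against each `/var/data/chroot/<user>/dev/log` on every sftp host after a syslog-ng restart to see which host has silently lost its sftp logging.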



