Re: sftp-server logging under chroot & privilege separation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2010-3-8 7:53 PM, kjh26@xxxxxxxxxxxx wrote:
> We are using OpenSSH 5.3p1.
> 
> We are using this to host an SFTP drop-box.  We have implemented chroot & 
> privilege separation.
> ... Any ideas?

Assuming the chroot is done via sshd_config and not the old way, here
are some things to look at:

+ turn off the SUID root - there is a way around whatever it was using
sudoer,
+ check that you have created a socket named /dev/log in the chroot
hierarchy,
+ check that syslogd, syslog-ng, or whathaveyou is using that socket,
+ check that the partition where the chroot directory resides is not
mounted with the nodev option.

	"The ChrootDirectory must contain the necessary files
	and directories to support the user's session  ...
	sessions which use logging do require /dev/log inside
	the chroot directory

	http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config


	"Use of sftp-server in a chroot configuration therefore
	requires that syslogd(8) establish a logging socket
	inside the chroot directory.

	http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server

Is that on Solaris, AIX, BSD or Linux?

Regards,
/Lars

[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux