Each user has their own jail?
I solved a similar issue with jail and syslog by adding a "-a /home/jail/dev/log" parameter to syslog startup.
From the syslogd man page:
-a socket
    Using this argument you can specify additional sockets from that syslogd has to listen to. This is needed if you're going to let some daemon run within a chroot() environment. You can use up to 19 additional sockets. If your environment needs even more, you have to increase the symbol MAXFUNIX within the syslogd.c source file. An example for a chroot() daemon is described by the people from OpenBSD at http://www.psionic.com/papers/dns.html.
Regards Lincoln
On Wed, Feb 10, 2010 at 7:08 PM, Sean Carolan scarolan@gmail.com wrote:
Maybe one of you can help. We have set up a CentOS server so that each user who logs in via sftp will be jailed in their home directory. Here's the relevant sshd_config:
# override default of no subsystems
Subsystem sftp internal-sftp -f LOCAL2 -l INFO

Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
This actually works great, but none of the activities of sftponly group members is getting logged. The man page for sftp-server says:
"For logging to work, sftp-server must be able to access /dev/log. Use of sftp-server in a chroot configuration therefore requires that syslogd(8) establish a logging socket inside the chroot directory."
How do I establish a logging socket inside the chroot directory, when the chroot directory is different depending on which user is logging in at any given time? I don't want to run separate sockets in every customer's chroot directory, this is not practical.
Any ideas?
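Combining the reply's "-a" option with the per-user ChrootDirectory /home/%u from the question, the sketch below builds one "-a <chroot>/dev/log" argument per chroot and refuses to go past the 19-socket limit quoted from the man page. It is an added example, not code from either poster; the function name build_syslogd_opts and the users alice and bob are hypothetical, and it assumes each chroot already contains a dev directory for the socket.

```shell
#!/bin/sh
# Added example: build the syslogd "-a" options for per-user sftp chroots.
# The limit below is the one quoted from the syslogd man page in the thread.
MAX_EXTRA_SOCKETS=19

# build_syslogd_opts CHROOT_DIR...   (hypothetical helper name)
# Prints "-a <dir>/dev/log" for every chroot directory, on one line.
# Returns 1 for an unsafe path, 2 when the socket limit is exceeded.
build_syslogd_opts() {
    count=0
    opts=""
    for dir in "$@"; do
        case "$dir" in
            /*) ;;                                  # absolute paths only
            *) echo "not an absolute path: $dir" >&2; return 1 ;;
        esac
        case "$dir" in
            *[!A-Za-z0-9/._-]*)                     # would split or alter the option string
                echo "unsafe characters in: $dir" >&2; return 1 ;;
        esac
        count=$((count + 1))
        if [ "$count" -gt "$MAX_EXTRA_SOCKETS" ]; then
            echo "more than $MAX_EXTRA_SOCKETS chroots: syslogd cannot listen in all of them" >&2
            return 2
        fi
        # Strip a trailing slash so the socket path has no "//" in it.
        opts="${opts:+$opts }-a ${dir%/}/dev/log"
    done
    printf '%s\n' "$opts"
}

# Constructed sample: two sftponly users chrooted to /home/%u.
build_syslogd_opts /home/alice /home/bob
```

The printed string is what would be appended to the syslogd startup options; a return code of 2 marks the point where the per-user layout outgrows what one syslogd can serve without raising MAXFUNIX.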