[CentOS] Syslog for chroot-jailed SFTP users?

Sean Carolan scarolan at gmail.com
Wed Feb 10 21:08:10 UTC 2010

Maybe one of you can help.  We have set up a CentOS server so that
each user who logs in via sftp will be jailed in their home directory.
Here's the relevant sshd_config:

# override default of no subsystems
Subsystem       sftp    internal-sftp -f LOCAL2 -l INFO

Match Group sftponly
        ChrootDirectory /home/%u
        ForceCommand internal-sftp

This actually works great, but none of the activities of sftponly
group members is getting logged.  The man page for sftp-server says:

"For logging to work, sftp-server must be able to access /dev/log.
Use of sftp-server in a chroot configuration therefore requires that
syslogd(8) establish a logging socket inside the chroot directory."

How do I establish a logging socket inside the chroot directory, when
the chroot directory is different depending on which user is logging
in at any given time?  I don't want to run separate sockets in every
customer's chroot directory; this is not practical.

Any ideas?
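
Added example, not part of the original post: a script that derives one syslog listen socket per chroot from group membership, so the per-user sockets the man page calls for do not have to be maintained by hand. It assumes rsyslog with the imuxsock legacy directive $AddUnixListenSocket, the /home/%u chroots and sftponly group from the sshd_config above, and constructed sample group and passwd data; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit one rsyslog listen-socket directive per chrooted SFTP user.
# Assumptions: rsyslog with imuxsock (legacy $AddUnixListenSocket directive),
# chroots at /home/<user> and group "sftponly" as in the sshd_config above.

# sftp_members GROUP GROUP_FILE PASSWD_FILE
# Prints users listed in the group entry plus users whose primary GID is the group.
sftp_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    [ -n "$gid" ] || return 1
    {
        awk -F: -v g="$1" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$2"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
    } | sort -u
}

# socket_directives GROUP GROUP_FILE PASSWD_FILE
# Prints one directive per member, pointing at dev/log inside that user's chroot.
socket_directives() {
    sftp_members "$@" | while IFS= read -r user; do
        case $user in
            *[!A-Za-z0-9._-]*) continue ;;   # skip names unsafe to place in a path
        esac
        printf '$AddUnixListenSocket /home/%s/dev/log\n' "$user"
    done
}

# Constructed sample data so the script runs offline; on a real host pass
# /etc/group and /etc/passwd instead.
tmp=$(mktemp -d)
printf 'sftponly:x:600:alice,bob\nstaff:x:700:carol\n' > "$tmp/group"
printf 'alice:x:1001:1001::/home/alice:/sbin/nologin\n' > "$tmp/passwd"
printf 'dave:x:1004:600::/home/dave:/sbin/nologin\n' >> "$tmp/passwd"
printf 'carol:x:1003:700::/home/carol:/bin/bash\n' >> "$tmp/passwd"
socket_directives sftponly "$tmp/group" "$tmp/passwd"
rm -rf "$tmp"
```

Each /home/<user>/dev directory has to exist before the syslog daemon is restarted with the generated directives, and the script needs re-running whenever group membership changes.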

