[CentOS] Syslog for chroot-jailed SFTP users?
Lincoln Zuljewic Silva
lincolnzsilva at gmail.com
Wed Feb 10 23:18:15 UTC 2010
Each user has their own jail?
I solved a similar issue with jail and syslog by adding a "-a
/home/jail/dev/log" parameter to syslog startup.
From the syslogd man page:

    -a socket
        Using this argument you can specify additional sockets from that
        syslogd has to listen to. This is needed if you're going to let
        some daemon run within a chroot() environment. You can use up
        to 19 additional sockets. If your environment needs even more,
        you have to increase the symbol MAXFUNIX within the syslogd.c
        source file. An example for a chroot() daemon is described by
        the people from OpenBSD at
        http://www.psionic.com/papers/dns.html.

Regards
Lincoln
On Wed, Feb 10, 2010 at 7:08 PM, Sean Carolan <scarolan at gmail.com> wrote:
> Maybe one of you can help. We have set up a CentOS server so that
> each user who logs in via sftp will be jailed in their home directory.
> Here's the relevant sshd_config:
>
> # override default of no subsystems
> Subsystem sftp internal-sftp -f LOCAL2 -l INFO
>
> Match Group sftponly
> ChrootDirectory /home/%u
> ForceCommand internal-sftp
>
> This actually works great, but none of the activities of sftponly
> group members is getting logged. The man page for sftp-server says:
>
> "For logging to work, sftp-server must be able to access /dev/log.
> Use of sftp-server in a chroot configuration therefore requires that
> syslogd(8) establish a logging socket inside the chroot directory."
>
> How do I establish a logging socket inside the chroot directory, when
> the chroot directory is different depending on which user is logging
> in at any given time? I don't want to run separate sockets in every
> customer's chroot directory, this is not practical.
>
> Any ideas?
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
Lincoln Zuljewic Silva
More contact info.: http://www.system.adm.br/contact.php
"How often must a question be asked before it’s considered a
frequently asked question?"
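
The "-a" approach from the reply above, applied to the per-user layout in the question (ChrootDirectory /home/%u), as an added example that is not part of the original thread. The function names and the username check are illustrative assumptions; the 19-socket limit is the one quoted from the syslogd man page.

```shell
#!/bin/sh
# Added example: build syslogd "-a" arguments for per-user SFTP chroots.
# Assumption: each chroot is <base>/<user>, matching ChrootDirectory /home/%u.

MAX_EXTRA_SOCKETS=19   # limit quoted from the syslogd man page (MAXFUNIX)

# build_syslogd_opts BASE USER...
# Prints one "-a BASE/USER/dev/log" per user. Returns 1 if the user count
# exceeds the socket limit or a username is unsafe to embed in a path.
build_syslogd_opts() {
    base=$1; shift
    if [ "$#" -gt "$MAX_EXTRA_SOCKETS" ]; then
        echo "error: $# chroots exceed syslogd limit of $MAX_EXTRA_SOCKETS" >&2
        return 1
    fi
    opts=""
    for user in "$@"; do
        case $user in
            ""|*/*|.*|*[!A-Za-z0-9._-]*)
                echo "error: refusing unsafe username '$user'" >&2
                return 1 ;;
        esac
        opts="$opts${opts:+ }-a $base/$user/dev/log"
    done
    printf '%s\n' "$opts"
}

# prepare_dev_dirs BASE USER...
# Creates the dev/ directory in each chroot so syslogd can bind its socket
# there. Run as root so the directory is not writable by the jailed user.
prepare_dev_dirs() {
    base=$1; shift
    for user in "$@"; do
        mkdir -p "$base/$user/dev" || return 1
        chmod 755 "$base/$user/dev" || return 1
    done
}
```

The printed string is what gets appended to the syslogd startup options, and the daemon must be restarted so it creates the sockets. With more than 19 jailed users the function fails, which is the same practical limit the original question runs into.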