[CentOS] Syslog for chroot-jailed SFTP users?

Lincoln Zuljewic Silva lincolnzsilva at gmail.com
Wed Feb 10 23:18:15 UTC 2010


Each user has their own jail?

I solved a similar issue with jail and syslog by adding a "-a
/home/jail/dev/log" parameter to syslog startup.

From the syslogd man page:
       -a socket
              Using this argument you can specify additional sockets from that
              syslogd has to listen to.  This is needed if you're going to let
              some daemon run within a chroot() environment.  You can use up
              to 19 additional sockets.  If your environment needs even more,
              you have to increase the symbol MAXFUNIX within the syslogd.c
              source file.  An example for a chroot() daemon is described by
              the people from OpenBSD at
              http://www.psionic.com/papers/dns.html.

Regards
Lincoln


On Wed, Feb 10, 2010 at 7:08 PM, Sean Carolan <scarolan at gmail.com> wrote:
> Maybe one of you can help.  We have set up a CentOS server so that
> each user who logs in via sftp will be jailed in their home directory.
>  Here's the relevant sshd_config:
>
> # override default of no subsystems
> Subsystem       sftp    internal-sftp -f LOCAL2 -l INFO
>
> Match Group sftponly
>        ChrootDirectory /home/%u
>        ForceCommand internal-sftp
>
> This actually works great, but none of the activities of sftponly
> group members is getting logged.  The man page for sftp-server says:
>
> "For logging to work, sftp-server must be able to access /dev/log.
> Use of sftp-server in a chroot configuration therefore requires that
> syslogd(8) establish a logging socket inside the chroot directory."
>
> How do I establish a logging socket inside the chroot directory, when
> the chroot directory is different depending on which user is logging
> in at any given time?  I don't want to run separate sockets in every
> customer's chroot directory, this is not practical.
>
> Any ideas?



-- 
Lincoln Zuljewic Silva
More contact info.: http://www.system.adm.br/contact.php

"How often must a question be asked before it’s considered a
frequently asked question?"
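
The "-a" approach from the reply, applied to the per-user "ChrootDirectory /home/%u" layout in the question, as an added example that is not part of the thread: a shell helper that builds one "-a" socket argument per chrooted user and enforces the 19-socket limit quoted from the man page. The function names, the /home base directory and the sample user names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the "-a <socket>" arguments for
# syslogd, one per chrooted SFTP user, and refuses to exceed the 19 additional
# sockets the quoted man page allows.

MAX_EXTRA_SOCKETS=19   # limit quoted from the syslogd man page (MAXFUNIX)

# build_syslogd_opts BASE USER...
# Prints "-a BASE/USER/dev/log" for every user; returns 1 on bad input.
# Each BASE/USER/dev directory must already exist when syslogd starts,
# otherwise it cannot create the socket there.
build_syslogd_opts() {
    base=$1; shift
    if [ "$#" -gt "$MAX_EXTRA_SOCKETS" ]; then
        echo "error: $# chroots, syslogd -a allows $MAX_EXTRA_SOCKETS" >&2
        return 1
    fi
    opts=""
    for user in "$@"; do
        # Reject names that could leave BASE or split the option string.
        case $user in
            ""|.|..|*/*|*[!A-Za-z0-9._-]*)
                echo "error: unsafe user name: '$user'" >&2
                return 1 ;;
        esac
        opts="${opts:+$opts }-a $base/$user/dev/log"
    done
    printf '%s\n' "$opts"
}

# members_of GROUP: supplementary members as listed by getent. Users whose
# primary group is GROUP do not appear in this list.
members_of() {
    getent group "$1" | cut -d: -f4 | tr ',' ' '
}

# Called with a group name (e.g. sftponly), print the options for its members.
if [ "$#" -gt 0 ]; then
    # Word splitting of the member list is intended here.
    build_syslogd_opts /home $(members_of "$1")
fi
```

The printed string is what gets appended to the syslogd startup options, as described in the reply. With more than 19 chrooted users the helper stops with an error instead of emitting options that syslogd cannot honour.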
