Thorsten Glaser
2021-Sep-24 15:11 UTC
Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS
On Fri, 24 Sep 2021, Hildegard Meier wrote:

> It would not be possible to have a symlink
> /var/data/chroot/<username>/dev/log -> /var/data/chroot/<username>/dev/hostname2/log
>
> since /var/data/chroot/<username>/dev/log is already a symlink to
> /var/data/chroot/<username>/dev/hostname1/log (see first step), and it
> is the same NFS filesystem.

Not sure I understand the entire situation, but can't you make
/var/data/chroot/<username>/dev/log a regular file (on the NFS mount)
then bind-mount (see my earlier mail) /dev/log from the host over it?

bye,
//mirabilos
--
Infrastructure expert · tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn · http://www.tarent.de/
Telephone +49 228 54881-393 · Fax: +49 228 54881-235
HRB AG Bonn 5168 · USt-ID (VAT): DE122264941
Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
****************************************************
The UTF-8 Ribbon Campaign against HTML eMail! Also, header encryption!
Never miss anything with the tarent newsletter: https://www.tarent.de/newsletter
****************************************************
Douglas E Engert
2021-Sep-24 21:24 UTC
Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS
On 9/24/2021 10:11 AM, Thorsten Glaser wrote:

> On Fri, 24 Sep 2021, Hildegard Meier wrote:
>
>> It would not be possible to have a symlink
>> /var/data/chroot/<username>/dev/log -> /var/data/chroot/<username>/dev/hostname2/log

Correct, that is not needed.

It looks like the server has a line:

    source s_chroot_<username> { unix-stream("/var/data/chroot/<username>/dev/log" optional(yes) ); };

It is not clear if this is created ahead of time or on the fly when the NFS volume is mounted, or for each possible user, to create a unix-stream socket in NFS.

What I was proposing is that each of the two servers has its own /var/data/chroot/<username>/dev/hostnameX.log

What is not clear is, when running in chroot, when an application does an openlog, syslog or vsyslog, are these system calls or library calls? I.e. do they read any configuration from the chroot directory? I think it expects to find /dev/log in the chroot directory, and this name matches what is in the real root directory. So I was proposing that each sftpd server has a different /dev/hostname.log so a user could be on both of the servers at the same time.

Hildegard said these are Ubuntu servers, and Ubuntu uses rsyslogd, which looks similar to syslog-ng.

Googling for: rsyslog chroot /dev/log

These look interesting:

https://www.the-art-of-web.com/system/sftp-logging-chroot/
https://serverfault.com/questions/878627/logging-chrooted-sftp-user-activity

>> since /var/data/chroot/<username>/dev/log is already a symlink to
>> /var/data/chroot/<username>/dev/hostname1/log (see first step), and it
>> is the same NFS filesystem.
>
> Not sure I understand the entire situation, but can't you make
> /var/data/chroot/<username>/dev/log a regular file (on the NFS
> mount) then bind-mount (see my earlier mail) /dev/log from the
> host over it?

Is this what you are trying to do?

https://serverfault.com/questions/878627/logging-chrooted-sftp-user-activity

    Instead, use input(type="imuxsock" Socket="/opt/bindmount/dev/log") to create an additional socket (which you can then bind-mount such that all chroots see it at /dev/log).

> bye,
> //mirabilos

--
Douglas E. Engert <DEEngert at gmail.com>
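The bind-mount approach discussed in both replies (a regular file in each NFS-shared chroot, with the host's syslog socket bind-mounted over it, so that two servers sharing one chroot tree each see their own local socket), as an added example that is not from the thread or from any of its participants. CHROOT_BASE, HOST_SOCKET and the MOUNT override are assumed placeholders; the rsyslog stanza is the one quoted from the serverfault answer.

```shell
#!/bin/sh
# Added example: prepare <chroot>/dev/log as a mount target and bind-mount
# the host syslog socket over it. Paths below are placeholders.
set -eu

CHROOT_BASE=${CHROOT_BASE:-/var/data/chroot}
HOST_SOCKET=${HOST_SOCKET:-/dev/log}   # or a dedicated imuxsock socket
MOUNT=${MOUNT:-mount}                  # overridable for dry runs

# Make <chroot>/dev/log a plain regular file. A symlink is useless here:
# mount follows it, and on an NFS-shared chroot it points at whichever host
# created it first. Refuse anything else that is not a regular file.
prepare_log_mountpoint() {
    target="$1/dev/log"
    mkdir -p "$1/dev"
    if [ -L "$target" ]; then
        rm -f "$target"
    elif [ -e "$target" ] && [ ! -f "$target" ]; then
        printf 'refusing: %s exists and is not a regular file\n' "$target" >&2
        return 1
    fi
    : > "$target"
    chmod 0644 "$target"
}

# Bind-mount the host socket over the prepared file. The mount is local to
# this server (not stored in NFS), so each host can mount its own socket.
bind_log_socket() {
    target="$1/dev/log"
    [ -S "$HOST_SOCKET" ] || { printf 'no socket at %s\n' "$HOST_SOCKET" >&2; return 1; }
    [ -f "$target" ] && [ ! -L "$target" ] || return 1
    if grep -qs " $target " /proc/mounts; then return 0; fi   # already mounted
    "$MOUNT" --bind "$HOST_SOCKET" "$target"
}

# rsyslog stanza for an extra imuxsock socket (as quoted in the thread),
# to be bind-mounted into every chroot as /dev/log.
rsyslog_imuxsock_stanza() {
    printf 'module(load="imuxsock")\ninput(type="imuxsock" Socket="%s")\n' "$1"
}

if [ "${1:-}" = "--apply" ]; then
    for d in "$CHROOT_BASE"/*/; do
        d=${d%/}
        prepare_log_mountpoint "$d" && bind_log_socket "$d"
    done
fi
```

Run with `--apply` as root once rsyslog listens on the chosen socket; without arguments the script only defines the functions.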