Hildegard Meier
2021-Sep-29 08:42 UTC
Howto log multiple sftpd instances with their chroot shared via NFS
Hi, I tried now the following:
Add the following line to /etc/fstab:
/var/data/chroot /usr/local/sftp_chroot_bind_mount none bind 0 2
Then:
mkdir /usr/local/sftp_chroot_bind_mount
mount /usr/local/sftp_chroot_bind_mount
to bind-mount the users' chroot home to /usr/local/sftp_chroot_bind_mount
Then replace in the syslog-ng config:
source s_chroot_<username> {
    unix-stream("/var/data/chroot/<username>/dev/log" optional(yes));
};
with
source s_chroot_<username> {
    unix-stream("/usr/local/sftp_chroot_bind_mount/<username>/dev/log" optional(yes));
};
Restart syslog-ng
That would have been such a simple workaround.
But unfortunately, the problem is not solved with this.
The problem is the same: there is sftp logging only on the sftp server where syslog-ng was restarted last.
Douglas E Engert
2021-Sep-29 13:34 UTC
Howto log multiple sftpd instances with their chroot shared via NFS
Thanks for the info on the single NFS volume mount.
Another take on the direct bind mount:
If server1 did:
source s_chroot_<username> {
    unix-stream("/var/data/chroot/<username>/dev/log_server1" optional(yes));
};
Then for each user server1 would also do (or have in fstab):
mount --bind /var/data/chroot/<username>/dev/log /var/data/chroot/<username>/dev/log_server1
and server2 did:
source s_chroot_<username> {
    unix-stream("/var/data/chroot/<username>/dev/log_server1" optional(yes));
};
and also do this:
mount --move /var/data/chroot/<username>/dev/log /var/data/chroot/<username>/dev/log_server2
This would allow each server to have its own /dev/log_host so they would not overwrite each other's, but when the libc went to write to the chrooted /dev/log, the kernel would write to /dev/log_serverX because the direct bind is in the host's kernel.
I have not tried this.
--
Douglas E. Engert <DEEngert at gmail.com>
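An added diagnostic for the problem discussed in this thread (not code from either poster): on each sftp host, check whether each user's chrooted /dev/log is actually served by a listener on this host, or is only a socket inode left on the NFS-shared chroot by a syslog-ng running elsewhere. The chroot root, usernames and the demo() fixtures are constructed assumptions.

```python
import os
import socket
import stat
import tempfile
from errno import EPROTOTYPE
from pathlib import Path

def probe_chroot_log_socket(chroot_root, username, timeout=1.0):
    """Classify <chroot_root>/<username>/dev/log as seen from this host.

    "missing"      - the path does not exist on this host
    "not-a-socket" - it exists but is not a socket
    "listening"    - a process on this host accepts connections, so
                     syslog() calls from the chrooted sftp-server reach it
    "stale"        - the socket inode exists (e.g. on the NFS-shared chroot)
                     but no listener on this host answers: the symptom of
                     "only the last-restarted syslog-ng gets the logs"
    """
    path = Path(chroot_root) / username / "dev" / "log"
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISSOCK(st.st_mode):
        return "not-a-socket"
    # syslog-ng unix-stream() listens with SOCK_STREAM; libc's syslog() may
    # use SOCK_DGRAM, so try both before declaring the socket stale.
    for sock_type in (socket.SOCK_STREAM, socket.SOCK_DGRAM):
        with socket.socket(socket.AF_UNIX, sock_type) as s:
            s.settimeout(timeout)
            try:
                s.connect(str(path))
                return "listening"
            except OSError as e:
                if e.errno != EPROTOTYPE:   # refused/timeout: nobody local
                    return "stale"
    return "stale"

def probe_all(chroot_root, usernames):
    return {u: probe_chroot_log_socket(chroot_root, u) for u in usernames}

def demo():
    """Constructed fixtures in a temp dir standing in for /var/data/chroot."""
    root = tempfile.mkdtemp(prefix="chroot-")
    for user in ("alice", "bob"):
        os.makedirs(Path(root) / user / "dev")
    live = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    live.bind(str(Path(root) / "alice" / "dev" / "log"))
    live.listen(1)            # alice: a local syslog-ng-like listener
    dead = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    dead.bind(str(Path(root) / "bob" / "dev" / "log"))
    dead.close()              # bob: socket file left behind, nobody listening
    try:
        return probe_all(root, ["alice", "bob", "carol"])
    finally:
        live.close()
```

Run probe_all("/var/data/chroot", users) on every sftp host after a syslog-ng restart; any user reported as "stale" on a host will lose sftp logs from sessions on that host.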