Comments on Matthew McMillan: Detailed logging for chrooted sftp users
(5 comments, newest first)

Matthew McMillan, 2014-10-01:

Darcy you are correct. That is the point of step 2. Maybe Stephen missed that. Thanks.

Darcy P, 2014-10-01:

I believe that Stephen Carpenter's comment/concern about the chroot needing to be on the root filesystem, due to the hardlink, is incorrect. Step 2 above has you create a new socket on the same file system where the chroot resides. Then you link from the new socket to the individual users' chroot locations. That link will NOT cross file systems, because you are not linking the original /dev/log socket to the new filesystem. You are linking the new socket (/sftp/sftp.log.socket) to locations in its same file system.

Maybe the original blog did not contain this info, but was modified after Stephen's comments were added?

Stephen Carpenter, 2014-03-06:

Specifically this only works as is if the chroot is on the root filesystem. If not you will get an error "invalid cross-device link" as you cannot hard link across filesystems.

The other comments are absolutely correct on the right way to solve this.
One could also bind mount dev to the new location, but since that would expose all of your device nodes, it isn't anything I would recommend.

Anonymous, 2013-08-21:

"ln /sftp/sftp.log.socket /sftp/testuser1/dev/log" does not seem to work on SLES 11 SP2, even if adding both socket and link into the AppArmor settings (/etc/apparmor.d/sbin.syslog-ng). I had to specify the user's /dev/log socket... so it sounds like you must modify syslog-ng settings (and restart it) each time you add a user.

Anonymous, 2013-04-18:

Great instructions.

I had to add "-r" to SYSLOGD_OPTIONS to get this to work (and restart syslog). Like so:

SYSLOGD_OPTIONS="-m 0 -a /sftp/sftp.log.socket -r"
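The thread above turns on one detail: the hard link in step 2 only works when the syslog listener socket and the user's chroot sit on the same filesystem, otherwise ln fails with "Invalid cross-device link". The helper below is an added example, not code from the post or any of the commenters. It performs the link for one chroot only after checking that both paths report the same device id. The socket path /sftp/sftp.log.socket and the chroot /sftp/testuser1 are the ones quoted in the comments; the socket itself must already have been created by the syslog daemon (for sysklogd, the `-a /sftp/sftp.log.socket` option shown in the last comment). `stat -c %d` assumes GNU coreutils; BSD and macOS use `stat -f %d`.

```shell
#!/bin/sh
# Added example: link a syslog listener socket into a chrooted sftp user's
# /dev, refusing when socket and chroot are on different filesystems
# (hard links cannot span filesystems, so ln would fail with
# "Invalid cross-device link"). The socket must already exist, created by
# the syslog daemon listening on it.

# Print the device id of the filesystem a path lives on (GNU stat).
device_of() {
    stat -c %d "$1"
}

# same_filesystem PATH1 PATH2: succeed if both paths share one filesystem.
same_filesystem() {
    [ "$(device_of "$1")" = "$(device_of "$2")" ]
}

# link_log_socket SOCKET CHROOT
# Creates CHROOT/dev if missing and hard links SOCKET to CHROOT/dev/log.
# Returns 1 without touching CHROOT on a cross-device pair, 0 on success.
link_log_socket() {
    sock="$1"
    chroot_dir="$2"
    if ! same_filesystem "$sock" "$chroot_dir"; then
        echo "refusing: $sock and $chroot_dir are on different filesystems" >&2
        return 1
    fi
    mkdir -p "$chroot_dir/dev" || return 1
    # -f replaces an existing dev/log: if the syslog daemon is restarted
    # and recreates its socket, the old hard link points at a dead inode
    # and must be relinked to the new one.
    ln -f "$sock" "$chroot_dir/dev/log"
}

# Usage: sh link_log_socket.sh /sftp/sftp.log.socket /sftp/testuser1
# (run once per chrooted user; rerun after every syslog restart)
if [ $# -eq 2 ]; then
    link_log_socket "$1" "$2"
fi
```

Running this per user (and again after every syslog restart, since the daemon recreates its socket as a new inode) keeps each chroot's /dev/log pointing at a live listener without bind-mounting the whole of /dev into the chroot, which is the exposure Stephen Carpenter warns against.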