LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > CentOS
User Name
Password
CentOS This forum is for the discussion of CentOS Linux. Note: This forum does not have any official participation.

Notices


Reply
  Search this Thread
Old 11-23-2017, 04:24 AM   #1
robertkwild
Member
 
Registered: Feb 2015
Posts: 376

Rep: Reputation: Disabled
logging users with chroot home dirs


hi all,

im reading this guide -

https://access.redhat.com/articles/1374633

im reading under the topic "RHEL 7 via socket in chroot"

atm my sftp logs appear here so its all working correctly - "/var/log/secure" and i can see what user has logged in and what directory/file they have opened/closed

now i want to make a "/var/log/sftp.log" but im struggling

input(type="imuxsock" HostName="user" Socket="/chroots/user/dev/log" CreatePath="on") if $fromhost == 'user' then /var/log/sftp.log & stop

atm my users i create there chroot directory like so - "/mnt/sftp/ftp/username/data"

username - i have multiple usernames so what do i put here "%u"?

the users own the "data folder" they dont own the username folder, so in the data folder they can upload files folders

hope im making sense and thanks

rob
 
Old 11-24-2017, 01:22 PM   #2
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,978
Blog Entries: 3

Rep: Reputation: 1892Reputation: 1892Reputation: 1892Reputation: 1892Reputation: 1892Reputation: 1892Reputation: 1892Reputation: 1892Reputation: 1892Reputation: 1892Reputation: 1892
The chroot will need everything, from the SFTP server to the devices used for logging. That will be a lot to set up. It would be much easier to use the in-process SFTP server instead:

Code:
Subsystem   sftp    internal-sftp -l INFO -f LOCAL0
That will allow you to separate the logs more easily based on the log facility LOCAL0. You can choose LOCAL0 through LOCAL7. However, I'm not sure how RHEL does actual logging any more so you'll want to check with your support contract's contact for the latest info on how to reconfigure system logging to sort out specific kinds of messages into their own file.

But then for the chrooted users, you can use the %u in place of the user name:

Code:
Match Group chrooted
        ChrootDirectory /mnt/sftp/ftp/%u/data/
However, keep in mind that /mnt/sftp/ftp/username/data/ has to be owned by root and not writable by others. So I'd just leave it like this:

Code:
Match Group chrooted
        ChrootDirectory /mnt/sftp/ftp/%u/
So that /mnt/sftp/ftp/username/ is owned by root and /mnt/sftp/ftp/username/data/ itself is owned by the appropriate user.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Jailkit - SFTP users can see other user's home dirs ddenton Linux - Security 4 10-09-2011 06:48 PM
how to get apache to look in users' home dirs? realthor Linux - Software 5 03-15-2006 10:08 AM
chroot or keeping users to /home techrolla Linux - Security 9 06-22-2004 05:18 AM
give users access to home dirs jonas73 Linux - Newbie 2 03-16-2004 01:42 AM
vsftpd: restricting users to home dirs groovin Linux - Security 6 11-25-2002 04:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > CentOS

All times are GMT -5. The time now is 01:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration