11-23-2017, 04:24 AM   #1
logging users with chroot home dirs

Hi all,

I'm reading this guide -

I'm reading under the topic "RHEL 7 via socket in chroot".

At the moment my SFTP logs appear here, so it's all working correctly - "/var/log/secure" - and I can see what user has logged in and what directory/file they have opened/closed.

Now I want to make a "/var/log/sftp.log" but I'm struggling.

input(type="imuxsock" HostName="user" Socket="/chroots/user/dev/log" CreatePath="on")
if $fromhost == 'user' then /var/log/sftp.log
& stop

At the moment, for my users, I create their chroot directory like so - "/mnt/sftp/ftp/username/data"

username - I have multiple usernames, so what do I put here, "%u"?

The users own the "data folder"; they don't own the username folder, so in the data folder they can upload files and folders.

Hope I'm making sense, and thanks.

11-24-2017, 01:22 PM   #2
The chroot will need everything, from the SFTP server to the devices used for logging. That will be a lot to set up. It would be much easier to use the in-process SFTP server instead:

Subsystem   sftp    internal-sftp -l INFO -f LOCAL0

That will allow you to separate the logs more easily based on the log facility LOCAL0. You can choose LOCAL0 through LOCAL7. However, I'm not sure how RHEL does actual logging any more so you'll want to check with your support contract's contact for the latest info on how to reconfigure system logging to sort out specific kinds of messages into their own file.

But then for the chrooted users, you can use the %u in place of the user name:

Match Group chrooted
        ChrootDirectory /mnt/sftp/ftp/%u/data/

However, keep in mind that /mnt/sftp/ftp/username/data/ has to be owned by root and not writable by others. So I'd just leave it like this:

Match Group chrooted
        ChrootDirectory /mnt/sftp/ftp/%u/

So that /mnt/sftp/ftp/username/ is owned by root and /mnt/sftp/ftp/username/data/ itself is owned by the appropriate user.
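
An added example, not part of the original posts: a Python check of the ownership rule in the reply above, expanding %u for one user and testing every directory from / down to the chroot, since sshd requires each component of a ChrootDirectory path to be a root-owned directory that is not group- or other-writable. The user alice, uid 1001 and the SAMPLE_FS table are constructed; against a live system, leave stat_fn at its default.

```python
import os
import stat


def os_stat(path):
    """Default lookup: (owner uid, mode bits) of a real path."""
    st = os.stat(path)
    return st.st_uid, st.st_mode


def audit_chroot(template, user, user_uid, data_subdir="data", stat_fn=os_stat):
    """Return a list of problems with one user's chroot; empty means it passes."""
    chroot = template.replace("%u", user).rstrip("/") or "/"
    paths = ["/"]
    for part in filter(None, chroot.split("/")):
        paths.append(os.path.join(paths[-1], part))
    problems = []
    for path in paths:  # "/", "/mnt", ... down to the chroot itself
        uid, mode = stat_fn(path)
        if not stat.S_ISDIR(mode):
            problems.append(f"{path}: not a directory")
        if uid != 0:
            problems.append(f"{path}: owned by uid {uid}, must be root")
        if mode & 0o022:
            problems.append(f"{path}: group/other writable ({stat.S_IMODE(mode):04o})")
    if data_subdir is not None:  # the writable upload area inside the chroot
        data = os.path.join(chroot, data_subdir)
        uid, _ = stat_fn(data)
        if uid != user_uid:
            problems.append(f"{data}: owned by uid {uid}, expected {user_uid}")
    return problems


# Constructed sample layout: uid 1001 is a made-up SFTP user "alice".
D = stat.S_IFDIR
SAMPLE_FS = {
    "/": (0, D | 0o755), "/mnt": (0, D | 0o755), "/mnt/sftp": (0, D | 0o755),
    "/mnt/sftp/ftp": (0, D | 0o755), "/mnt/sftp/ftp/alice": (0, D | 0o755),
    "/mnt/sftp/ftp/alice/data": (1001, D | 0o750),
}


def sample_stat(path):
    return SAMPLE_FS[path]


if __name__ == "__main__":
    for tmpl, sub in (("/mnt/sftp/ftp/%u/", "data"), ("/mnt/sftp/ftp/%u/data/", None)):
        issues = audit_chroot(tmpl, "alice", 1001, sub, sample_stat)
        print(tmpl, "->", issues or "OK")
```

The first template passes; the second fails because the chroot itself would be the user-owned data directory.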

