[scponly] scponlyc logging

Kaleb Pederson kaleb.pederson at gmail.com
Tue Aug 5 15:12:19 EDT 2008


On Tue, Aug 5, 2008 at 11:58 AM, Stuart VanZee <StuartV at datalinesys.com> wrote:
>
> Well... That did it.  Thank you very much.

No problem.

> Looking in the man page for syslogd it says:
>
>     -a path
>             Specify a location where syslogd should place an additional log
>             socket.  Up to about 20 additional logging sockets can be speci-
>             fied.  The primary use for this is to place additional log sock-
>             ets in /dev/log of various chroot filespaces.
>
> Do you have any idea what the "Up to about 20" is all about?  I will
> eventually (probably sooner than later) have to support much more than
> 20 accounts that are able to sftp (and be chrooted) on this box. Do you
> know if there is a way of getting around this limit or if this limit is
> a hard limit or not?

No, I'm not sure as that will be completely dependent on your logging daemon.

I'm not sure if BSD has this feature, but you might be able to mount
--bind a single /dev from a chroot into all of them, so the logging
device "magically" shows up for all of them.  You might also be able
to hardlink a chrooted /dev into all the chroots, thus only using a
single one (I'd investigate the security of this one first). Lastly,
assuming you have a developer, he/she could write a simple daemon that
will create sockets within each chroot and forward them to the real
logging device.

Regards.

--Kaleb
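
The last option in the reply above (a small daemon that creates a log socket inside each chroot and forwards to the real logging device), as an added example that is not part of the original post. It assumes the real log device is a datagram Unix socket; the function names, the `dev/log` relative path and the default `/dev/log` target are illustrative assumptions, and each chroot's `dev` directory is assumed to be root-owned and not writable by the chrooted user.

```python
import os
import selectors
import socket
import sys


def open_chroot_sockets(chroot_roots, rel_path="dev/log"):
    """Bind one datagram socket at <root>/dev/log for every chroot."""
    socks = []
    for root in chroot_roots:
        # Assumption: <root>/dev is root-owned, not writable by the jailed user.
        path = os.path.join(root, rel_path)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        if os.path.lexists(path):
            os.unlink(path)        # stale socket left by a previous run
        s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        s.bind(path)
        os.chmod(path, 0o666)      # chrooted processes must be able to write
        socks.append(s)
    return socks


def forward_once(socks, real_log, timeout=None):
    """Relay the datagrams that are ready now; return how many were sent on."""
    sent = 0
    with selectors.DefaultSelector() as sel, \
            socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as out:
        for s in socks:
            sel.register(s, selectors.EVENT_READ)
        for key, _ in sel.select(timeout):
            data = key.fileobj.recv(8192)
            try:
                out.sendto(data, real_log)   # message passes through unmodified
                sent += 1
            except OSError as exc:           # log daemon restarting, etc.
                print(f"dropped {len(data)} bytes: {exc}", file=sys.stderr)
    return sent


def serve(chroot_roots, real_log="/dev/log"):   # default target is an assumption
    socks = open_chroot_sockets(chroot_roots)
    while True:
        forward_once(socks, real_log)


if __name__ == "__main__":
    serve(sys.argv[1:])                      # usage: script.py /chroot/a /chroot/b
```

Because one process holds all the sockets, the per-daemon limit on additional log sockets quoted from the man page does not apply to it; the practical ceiling becomes the process's open file descriptor limit.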


