hi all,

im reading this guide -

https://access.redhat.com/articles/1374633

im reading under the topic "RHEL 7 via socket in chroot"

atm my sftp logs appear here so its all working correctly - "/var/log/secure" and i can see what user has logged in and what directory/file they have opened/closed

now i want to make a "/var/log/sftp.log" but im struggling

input(type="imuxsock" HostName="user" Socket="/chroots/user/dev/log" CreatePath="on") if $fromhost == 'user' then /var/log/sftp.log & stop

atm my users i create there chroot directory like so - "/mnt/sftp/ftp/username/data"

username - i have multiple usernames so what do i put here "%u"?

the users own the "data folder" they dont own the username folder, so in the data folder they can upload files folders

hope im making sense and thanks

rob

The chroot will need everything, from the SFTP server to the devices used for logging. That will be a lot to set up. It would be much easier to use the in-process SFTP server instead:

That will allow you to separate the logs more easily based on the log facility LOCAL0. You can choose LOCAL0 through LOCAL7. However, I'm not sure how RHEL does actual logging any more so you'll want to check with your support contract's contact for the latest info on how to reconfigure system logging to sort out specific kinds of messages into their own file.

But then for the chrooted users, you can use the %u in place of the user name:

However, keep in mind that /mnt/sftp/ftp/username/data/ has to be owned by root and not writable by others. So I'd just leave it like this:

So that /mnt/sftp/ftp/username/ is owned by root and /mnt/sftp/ftp/username/data/ itself is owned by the appropriate user.