Bug#429243: stopped working, SSH stopped logging failures!
On Wed, Sep 02, 2009 at 11:03:24AM +0200, Gábor Gombás wrote:
> Now that the default syslog daemon is rsyslog, openssh-server could ship
> a configure snippet in /etc/rsyslog.d/openssh-server.conf that contains:
>
> $AddUnixListenSocket /var/run/sshd/dev/log
>
> And probably the issue should be documented in README.Debian for the
> other syslog variants.
Seems reasonable.
> That still leaves the question who creates /var/run/sshd/dev. I'm using
> the following patch on some machines:
>
> Index: init.d/ssh
> ===================================================================
> --- init.d/ssh (revision 3863)
> +++ init.d/ssh (working copy)
> @@ -59,8 +59,8 @@
>
> check_privsep_dir() {
> # Create the PrivSep empty dir if necessary
> - if [ ! -d /var/run/sshd ]; then
> - mkdir /var/run/sshd
> + if [ ! -d /var/run/sshd/dev ]; then
> + mkdir -p /var/run/sshd/dev
> chmod 0755 /var/run/sshd
> fi
> }
>
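Review bot: In check_privsep_dir(), the unchanged `chmod 0755 /var/run/sshd` line still covers only the parent directory, so the new `dev` directory created by `mkdir -p /var/run/sshd/dev` gets whatever mode the init script's umask yields. Since a syslog socket is meant to live there, I would set the mode of /var/run/sshd/dev explicitly as well. The comment "Create the PrivSep empty dir if necessary" also no longer matches the code, because the directory now contains `dev`; it should be updated to say why the subdirectory exists.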
> Unfortunately it won't really help when /var/run is on tmpfs, because
> the syslog daemon is started before the ssh init script has run. The
> only proper solution I can think of right now is to split the ssh init
> script in two:
>
> - the first part runs before any syslog daemon, and does nothing except
> creating /var/run/sshd/dev directory if it is missing
>
> - the second part runs after the syslog daemon has started, and does the
> rest.
I definitely don't want to do this. Init script multiplication has a
slow but inexorable effect on boot time.
Michael, is there a standard approach that packages can use to do this?
postfix doesn't seem to do anything particularly special.
--
Colin Watson [cjwatson@debian.org]