Directory permissions in chroot SFTP
Carlo Pradissitto
carlopradissitto at gmail.com
Tue Nov 11 22:45:11 EST 2008
Hi,
I configured OpenSSH 5.1p1 as an SFTP server.
Here are the specifications in the sshd_config file:
Subsystem sftp internal-sftp
Match Group sftp
ForceCommand internal-sftp
ChrootDirectory /home/%u
AllowTcpForwarding no
When a user is logged in, he can't upload his document and he receives
this message:
carlo at Music:~$ sftp user at 213.217.147.123
Connecting to 213.217.147.123...
user at 213.217.147.123's password:
sftp> put prova
Uploading prova to /prova
Couldn't get handle: Permission denied
sftp>
Here are the directory permissions:
[root at sftp-server ~]# ls -la /home/user/
total 24
drwxr-xr-x 6 root sftp 4096 Nov 10 18:05 .
drwxr-xr-x 54 root root 4096 Nov 10 16:48 ..
OK, my user is an sftp group member, and the sftp group doesn't have
sufficient permissions to write in the user's home directory.
I added the write permission for the sftp group:
[root at sftp-server ~]# chmod 770 /home/user/
[root at sftp-server ~]# ls -la /home/user/
total 24
drwxrwx--- 6 root sftp 4096 Nov 10 18:05 .
drwxr-xr-x 54 root root 4096 Nov 10 16:48 ..
But now the user can't access:
carlo at Music:~$ sftp user at 213.217.145.321
Connecting to 213.217.147.123...
user at 213.217.145.321's password:
Read from remote host 213.217.145.321: Connection reset by peer
Couldn't read packet: Connection reset by peer
Here is the error message in /var/log/messages of sftp-server:
Nov 11 11:33:02 sftp-server sshd[10254]: Accepted password for user
from 213.217.145.329 port 38685 ssh2
Nov 11 11:33:02 sftp-server sshd[10256]: fatal: bad ownership or modes
for chroot directory "/home/user"
I get the same result if I change the ownership of the user's directory:
[root at sftp-server ~]# chown user.sftp /home/user/
[root at sftp-server ~]# ls -la /home/user/
total 24
drwxrwx--- 6 user sftp 4096 Nov 10 18:05 .
drwxr-xr-x 54 root root 4096 Nov 10 16:48 ..
carlo at Music:~$ sftp user at 213.217.145.321
Connecting to 213.217.147.123...
user at 213.217.145.321's password:
Read from remote host 213.217.145.321: Connection reset by peer
Couldn't read packet: Connection reset by peer
Nov 11 11:38:11 sftp-server sshd[10267]: Accepted password for user
from 213.217.145.329 port 39285 ssh2
Nov 11 11:38:11 sftp-server sshd[10269]: fatal: bad ownership or modes
for chroot directory "/home/user"
I get the same result if I change the ownership of the user's directory this way:
[root at sftp-server ~]# chown user.root /home/user/
What can I do in order to grant user access and allow write
permissions in his home directory?
Thanks
--
Carlo Pradissitto
Servizi e Supporto IT
I-WAY S.r.l.
Piazza Caduti di via Fani, 2
03100 Frosinone
Mobile: +393939318571
Tel/Fax: 07751880765
E-mail: c.pradissitto at i-way.it
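
The following is an added example, not part of the original message and not OpenSSH code. It applies the rule documented in sshd_config(5) for ChrootDirectory (every component of the path must be a root-owned directory that is not writable by group or others) to the three /home/user layouts tried above. The sample tree, the helper names and uid 1001 for "user" are constructed assumptions.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result, so the rule can be run on sample data.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")

def component_problem(st):
    """Return why sshd rejects a chroot path component, or None if it is acceptable."""
    if st.st_uid != 0:
        return "owner is uid %d, not root" % st.st_uid
    if st.st_mode & 0o022:
        return "mode %04o is group- or world-writable" % stat.S_IMODE(st.st_mode)
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    return None

def audit_chroot_path(path, stat_fn=os.stat):
    """Check / and every component down to path; return [(component, problem), ...]."""
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    findings, current = [], "/"
    for part in [""] + [p for p in path.split("/") if p]:
        current = os.path.join(current, part)
        problem = component_problem(stat_fn(current))
        if problem:
            findings.append((current, problem))
    return findings

def sample_stat(home_uid, home_mode):
    """Build a stat function for a constructed tree: /, /home, /home/user."""
    tree = {
        "/": FakeStat(0, stat.S_IFDIR | 0o755),
        "/home": FakeStat(0, stat.S_IFDIR | 0o755),
        "/home/user": FakeStat(home_uid, stat.S_IFDIR | home_mode),
    }
    return tree.__getitem__

if __name__ == "__main__":
    # The three states from the post; uid 1001 for "user" is an assumed value.
    cases = [("root:sftp 0755", 0, 0o755), ("root:sftp 0770", 0, 0o770),
             ("user:sftp 0770", 1001, 0o770)]
    for label, uid, mode in cases:
        result = audit_chroot_path("/home/user", sample_stat(uid, mode))
        print(label, "->", result or "accepted by the chroot check")
```

Only the first layout passes, and it is also the one in which the user cannot write at the top of the chroot, so writable space has to be a directory below it. Calling `audit_chroot_path("/home/user")` without a second argument checks the real filesystem.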