Fwd: Permissions in chroot SFTP

Jim Knoble jmknoble at pobox.com
Thu Nov 13 09:41:37 EST 2008

Circa 2008-11-11 06:39 dixit Carlo Pradissitto:

: I configured openssh 5.1p1 for sftp server.
: Here the specifications in sshd_config file:
: Subsystem     sftp   internal-sftp
: Match Group sftp
:     ForceCommand internal-sftp
:     ChrootDirectory /home/%u
:     AllowTcpForwarding no
: When a user is logged in, he can't upload his document and he receives
: this message:
: carlo at Music:~$ sftp user at
: Connecting to
: user at's password:
: sftp> put prova
: Uploading prova to /prova
: Couldn't get handle: Permission denied
: sftp>


You don't want the user to have write permissions to the chroot
directory.  If you do, the user has the potential to gain root
privileges inside the chroot.

Best is to make the chroot directory owned by root, as sshd is trying to
tell you.  Create a user-writable directory under the chroot directory

jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA  >>>>>>  http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
|[L]iberty, as we all know, cannot flourish in a country that is perma-|
| nently on a war footing, or even a near-war footing.  --Aldous Huxley|

More information about the openssh-unix-dev mailing list