  1. #1
    Just Joined!
    Join Date
    Jul 2011
    Posts
    2

    OpenSSH SFTP Chroot Help


    Hello,
    I'm trying to get ChrootDirectory working with SFTP. I understand the chroot directory is not writable by the user, so I have to create a sub-directory the user is supposed to write to. I keep getting write permission denied when uploading a file to this sub-directory.
    Does anybody have any suggestions on how to troubleshoot this or know what I'm doing wrong? Here's how I have it set up.

    Fedora 15, OpenSSH 5.6p1

    /etc/ssh/sshd_config looks like this

    Code:
    Subsystem sftp internal-sftp
    
    Match Group sftp
       ChrootDirectory %h
       X11Forwarding no
       AllowTcpForwarding no
       ForceCommand internal-sftp

    I created the sftp group and created a test user.

    Code:
    groupadd sftp
    useradd -g sftp -s /bin/false -d /home/test test

    Then gave root access to the test user's home directory so chroot will work.

    Code:
    chown root:root /home/test
    chmod 755 /home/test

    Since the user's home directory is the chroot directory, the user will not have write access to it. So I created a sub-directory that the user will have write access to.

    Code:
    mkdir /home/test/data
    chown test:test /home/test/data
    chmod 755 /home/test/data

    I can successfully sftp into the server and download files. But I cannot upload files to the data directory. I get write permission denied.

    Please help!

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,317
    I followed your exact steps on my F15 box and was able to upload files as user test successfully, with two caveats:

    1. In that last chown command, did you mean

    Code:
    chown test:sftp /home/test/data

    2. Do you have SELinux enabled? I have it disabled. Check with

    Code:
    getenforce

    If enabled, temporarily disable it with

    Code:
    setenforce 0

    If it proves to be the problem, and you don't need it, permanently disable it by setting "SELINUX=disabled" in /etc/selinux/config.
    groundhoggie likes this.
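
The layout steps from post #1 and the SELinux check from post #2, combined into one audit script as an added example that is not part of the thread. The function names and the `audit.sh` file name are assumptions; the script reports the SELinux mode so a denial that survives the permission checks can be attributed to policy rather than to ownership or mode bits.

```shell
#!/bin/sh
# Added example (not from the thread): check the layout sshd expects for
# "ChrootDirectory %h" before changing any SELinux setting.

# Print "<mode> <links> <uid> ..." for a path using numeric IDs.
lsinfo() { ls -ldn "$1" 2>/dev/null; }

# Every component from DIR up to / must be a real directory owned by
# UID 0 and not writable by group or others (sshd_config(5)).
check_chroot_path() {
    case $1 in /*) p=$1 ;; *) echo "FAIL $1: need an absolute path"; return 1 ;; esac
    while :; do
        read -r mode links uid rest <<EOF
$(lsinfo "$p")
EOF
        case $mode in
            d????w*|d???????w*) echo "FAIL $p: $mode is group/other writable"; return 1 ;;
            d*) ;;
            *) echo "FAIL $p: not a directory"; return 1 ;;
        esac
        [ "$uid" = 0 ] || { echo "FAIL $p: owner uid $uid, want 0"; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# The upload sub-directory must be owned by the sftp user's numeric UID
# and have the owner write bit set.
check_upload_dir() {
    read -r mode links uid rest <<EOF
$(lsinfo "$1")
EOF
    case $mode in
        d?w*) ;;
        *) echo "FAIL $1: ${mode:-missing} is not an owner-writable directory"; return 1 ;;
    esac
    [ "$uid" = "$2" ] || { echo "FAIL $1: owner uid $uid, want $2"; return 1; }
}

# usage: audit_sftp_chroot CHROOT UPLOAD_DIR USER_UID
audit_sftp_chroot() {
    check_chroot_path "$1" && check_upload_dir "$2" "$3" || return 1
    mode=$(command -v getenforce >/dev/null 2>&1 && getenforce || echo unavailable)
    echo "permissions OK; SELinux mode: $mode"
    [ "$mode" != Enforcing ] || echo "still denied? check AVC records: ausearch -m avc -ts recent"
}

# Run as root, e.g.: sh audit.sh /home/test /home/test/data "$(id -u test)"
if [ $# -eq 3 ]; then audit_sftp_chroot "$@"; fi
```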

  3. #3
    Just Joined!
    Join Date
    Jul 2011
    Posts
    2

    Thank You

    atreyu,
    Thank You! You solved the issue. SELinux was interfering. As soon as I disabled it, I was able to write.

    To answer question #1, you're correct, I meant to chown test:sftp /home/test/data

    Thanks!!!

  4. #4
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,317
    ...cheers!
