  1. #1

    OpenSSH SFTP Chroot Help

    I'm trying to get ChrootDirectory working with SFTP. I understand the chroot directory is not writable by the user, so I have to create a sub-directory the user is supposed to write to. I keep getting write permission denied when uploading a file to this sub-directory.
    Does anybody have any suggestions on how to troubleshoot this, or know what I'm doing wrong? Here's how I have it set up.

    Fedora 15, OpenSSH 5.6p1

    /etc/ssh/sshd_config looks like this:

    Subsystem sftp internal-sftp
    Match Group sftp
       ChrootDirectory %h
       X11Forwarding no
       AllowTcpForwarding no
       ForceCommand internal-sftp

    I created the sftp group and created a test user.

    groupadd sftp
    useradd -g sftp -s /bin/false -d /home/test test

    Then gave root access to the test user's home directory so chroot will work.

    chown root:root /home/test
    chmod 755 /home/test

    Since the user's home directory is the chroot directory, the user will not have write access to it. So I created a sub-directory that the user will have write access to.

    mkdir /home/test/data
    chown test:test /home/test/data
    chmod 755 /home/test/data

    I can successfully sftp into the server and download files, but I cannot upload files to the data directory. I get write permission denied.

    Please help!

  2. #2
    I followed your exact steps on my F15 box and was able to upload files as user test successfully, with two caveats:

    1. In that last chown command, did you mean
    chown test:sftp /home/test/data
    2. Do you have SELinux enabled? I have it disabled. Check with
    If enabled, temporarily disable it with
    setenforce 0
    If it proves to be the problem, and you don't need it, permanently disable it by setting "SELINUX=disabled" in /etc/selinux/config

  3. #3

    Thank You

    Thank You! You solved the issue. SELinux was interfering. As soon as I disabled it, I was able to write.

    To answer question #1, you're correct, I meant to chown test:sftp /home/test/data
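
The ownership and mode checks discussed in this thread, as an added example that is not part of the original posts: a script that verifies the chroot path the way sshd requires (every component root-owned, no group/other write) and that the upload directory belongs to the sftp user, then reports the SELinux mode. It assumes GNU `stat` on Linux; the function names are hypothetical and the paths in the usage comment are the sample values from post #1.

```shell
#!/bin/sh
# Added example: audit an internal-sftp chroot layout (GNU stat, Linux).

# True when an octal mode such as 755 or 1777 has no group/other write bit.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# sshd only accepts a ChrootDirectory when every component from / down to
# it is owned by root and not writable by group or others.
# Returns 0 = acceptable, 1 = unsafe component found, 2 = cannot check.
check_chroot_path() {
    path=$1
    rc=0
    case $path in /*) ;; *) echo "need an absolute path: $path" >&2; return 2 ;; esac
    while :; do
        owner=$(stat -c %u "$path") || return 2
        mode=$(stat -c %a "$path") || return 2
        if [ "$owner" -ne 0 ] || ! mode_is_safe "$mode"; then
            echo "UNSAFE: $path uid=$owner mode=$mode"
            rc=1
        fi
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# The upload directory inside the chroot must belong to the sftp user
# and carry the owner write bit.
check_upload_dir() {
    dir=$1
    want=$(id -u "$2") || return 2
    owner=$(stat -c %u "$dir") || return 2
    mode=$(stat -c %a "$dir") || return 2
    [ "$owner" -eq "$want" ] && [ $(( 0$mode & 0200 )) -ne 0 ]
}

# Usage: sh audit.sh /home/test data test   (sample values from the thread)
if [ $# -eq 3 ]; then
    check_chroot_path "$1" && echo "chroot path OK: $1"
    check_upload_dir "$1/$2" "$3" && echo "upload dir OK: $1/$2"
    # With both checks passing, a remaining "permission denied" is not a
    # file-permission problem; on SELinux systems check the mode and AVC log.
    if command -v getenforce >/dev/null 2>&1; then
        echo "SELinux: $(getenforce)"
    fi
fi
```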

