Find the answer to your Linux question:
Results 1 to 4 of 4
Like Tree1Likes
  • 1 Post By atreyu
Hello, I'm trying to get ChrootDirectory working with SFTP. I understand the chroot directory is not writable by the user, so I have to create a sub-directory the user is ...
  1. 07-21-2011 #1
    groundhoggie
    groundhoggie is offline
    Just Joined!
    Join Date
    Jul 2011
    Posts
    2

    OpenSSH SFTP Chroot Help

    Hello,
    I'm trying to get ChrootDirectory working with SFTP. I understand the chroot directory is not writable by the user, so I have to create a sub-directory the user is supposed to write to. I keeping getting write permission denied when uploading a file to this sub directory?
    Does anybody have any suggestions on how to troubleshoot this or know what i'm doing wrong? Here's how I have it setup.

    Fedora 15, OpenSSH 5.6p1

    /etc/ssh/sshd_config looks like this

    Code:
    Subsystem sftp internal-sftp

Match Group sftp
   ChrootDirectory %h
   X11Forwarding no
   AllowTcpForwarding no
   ForceCommand internal-sftp
    I created the sftp group and created a test user.

    Code:
    groupadd sftp
useradd -g sftp -s /bin/false -d /home/test test
    Then gave root access to the test user's home directory so chroot will work.

    Code:
    chown root:root /home/test
chmod 755 /home/test
    Since the user's home directory is the chroot directory, the user will not have write access to it. So I created a sub-directory that the user will have write access to.

    Code:
    mkdir /home/test/data
chown test:test /home/test/data
chmod 755 /home/test/data
    I can successfully sftp into the server and download files. But I cannot upload files to the data directory? I get write permission denied.

    Please help!
    Reply With Quote Reply With Quote
  2. 07-21-2011 #2
    atreyu
    atreyu is offline
    Linux Guru
    Join Date
    May 2011
    Posts
    1,843
    I followed your exact steps on my F15 box and was able to upload files as user test successfully, with two caveats:

    1. In that last chown command, did you mean
    Code:
    chown test:sftp /home/test/data
    2. Do you have SELinux enabled? I have it disabled. Check with
    Code:
    getenforce
    If enabled, temporarily disable it with
    Code:
    setenforce 0
    If it proves to be the problem, and you don't need it, permanently disable it by setting "SELINUX=disabled" in /etc/selinux/config
    groundhoggie likes this.
    Reply With Quote Reply With Quote
  3. 07-23-2011 #3
    groundhoggie
    groundhoggie is offline
    Just Joined!
    Join Date
    Jul 2011
    Posts
    2

    Thank You

    atreyu,
    Thank You! You solved the issue. SELinux was interfering. As soon as i disabled it, i was able to write.

    To answer question #1, you're correct, I meant to chown test:sftp /home/test/data

    Thanks!!!
    Reply With Quote Reply With Quote
  4. 07-24-2011 #4
    atreyu
    atreyu is offline
    Linux Guru
    Join Date
    May 2011
    Posts
    1,843
    ...cheers!
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...