fatal: bad ownership or modes for chroot directory component "/" in SFTP

Using the ChrootDirectory option in sshd_config requires some basic understanding of written text.

This is a snapshot from the manual page for sshd_config(5):

ChrootDirectory

Specifies the pathname of a directory to chroot(2) to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory.

This is your error log:

fatal: bad ownership or modes for chroot directory component "/"

This means that you need to make sure to fulfil the emphasised part of the quote: your / needs to be owned by root and have the w ACL only for the owner.
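The rule quoted from the manual page can be checked for every component in one pass. The following is an added example, not part of the original answer and not OpenSSH's own code: `components`, `audit_chroot`, `FakeStat` and `SAMPLE` are hypothetical names, and uid 1000 is a constructed stand-in for the non-root owner of `/` seen in the question. Unlike sshd, which stops at the first bad component, it reports all of them.

```python
import os
import stat
from collections import namedtuple

# Constructed sample data: the directory layout from the question, with "/"
# owned by a non-root uid (1000 is a made-up value, not taken from the page).
FakeStat = namedtuple("FakeStat", "st_uid st_mode")
SAMPLE = {
    "/": FakeStat(1000, stat.S_IFDIR | 0o755),
    "/users": FakeStat(0, stat.S_IFDIR | 0o755),
    "/users/sftp": FakeStat(0, stat.S_IFDIR | 0o755),
    "/users/sftp/sftpUser": FakeStat(0, stat.S_IFDIR | 0o755),
}

def components(path):
    """Yield "/" and then each successively longer prefix of an absolute path."""
    if not path.startswith("/"):
        raise ValueError("chroot path must be absolute")
    yield "/"
    current = ""
    for part in path.split("/"):
        if part:  # skip empty parts produced by "//" or a trailing "/"
            current += "/" + part
            yield current

def audit_chroot(path, stat_fn=os.stat):
    """Return (component, problem) pairs for every component breaking the rule."""
    problems = []
    for comp in components(path):
        st = stat_fn(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, f"owned by uid {st.st_uid}, not root"))
        if st.st_mode & 0o022:  # group-write or other-write bit set
            mode = stat.S_IMODE(st.st_mode)
            problems.append((comp, f"group/other writable (mode {mode:04o})"))
    return problems

if __name__ == "__main__":
    # Audits the constructed sample; drop the second argument to check the
    # real filesystem on the server.
    for comp, problem in audit_chroot("/users/sftp/sftpUser", SAMPLE.__getitem__):
        print(f"{comp}: {problem}")
```

Calling `audit_chroot("/users/sftp/sftpUser")` with no second argument checks the live filesystem via `os.stat`.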

Author by

Luis M. Valenzuela

Updated on September 18, 2022

Comments

  • Luis M. Valenzuela almost 2 years

    I've been trying to configure sftp in a Debian server. sshd_config:

    Subsystem sftp internal-sftp

    UsePAM no

    Match User sftpUser
        ChrootDirectory /users/sftp/sftpUser
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no

    Directories:

     drwxr-xr-x   3 root      root      4096 Oct 20 10:59 users
     drwxr-xr-x   3 root      root      4096 Oct 20 11:00 sftp
     drwxr-xr-x   2 root      root      4096 Oct 20 11:00 sftpUser

    cat /var/log/auth.log

    Oct 20 10:58:22 w1 sshd[24634]: Accepted password for sftpUser from 201.156.103.213 port 34106 ssh2
    Oct 20 10:58:22 w1 sshd[24636]: fatal: bad ownership or modes for chroot directory component "/"
    

    sftpUser has no home, bin/false, and is a member of the user group.

    On the client side I'm getting the famous Write failed: Broken pipe and then the connection is dropped. Commenting out the ChrootDirectory command in sshd_config makes the connection, but gets the user loose.

    What am I doing wrong?

    • ostendali over 8 years
      It is a very basic problem and the auth.log is telling you exactly what the problem is: wiki.archlinux.org/index.php/SFTP_chroot
    • Michael Hampton over 8 years
      Run ls -ld / and show the output.
    • Luis M. Valenzuela over 8 years
      You're right!!!! drwxr-xr-x 28 suzukiweb suzukiweb 4096 Oct 20 10:59 / It seems that the root directory (/) is owned by another user, but listing without the -ld modifier didn't show it...
  • Jakuje over 8 years
    This is the users directory. What does the root directory look like, as proposed in the comments? ls -ld /
  • Luis M. Valenzuela over 8 years
    With your answer combined with the comment provided by Michael Hampton the problem was solved. It seems that the root (/) directory was owned by another user different from root. Corrected it with: chown root:root /
  • Jakuje over 8 years
    If this answer worked for you, please mark it as a solution so it can help others.
  • Kondybas about 7 years
    I want to clarify that / means "directory that becomes / for chrooted user"
  • Jakuje about 7 years
    @Kondybas No. In this case, the / is really the / of the filesystem, which has the wrong permissions. But the error can look different if you have the permissions wrong somewhere else.