fatal: bad ownership or modes for chroot directory component "/" in SFTP
Using the ChrootDirectory option in sshd_config requires some basic understanding of written text.
This is a snapshot from the manual page for sshd_config(5):
ChrootDirectory
    Specifies the pathname of a directory to chroot(2) to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory.
This is your error log:
fatal: bad ownership or modes for chroot directory component "/"
This means that you need to make sure to fulfil the emphasised part of the quote: Your / needs to be owned by root and have the w ACL only for the owner.
Luis M. Valenzuela
PHP, Ajax, C#, MySQL, and linux server enthusiast. Develop websites and custom systems.
Updated on September 18, 2022
Comments
-
Luis M. Valenzuela almost 2 years
I've been trying to configure sftp in a debian server.
sshd_config:
    Subsystem sftp internal-sftp
    UsePAM no
    Match User sftpUser
        ChrootDirectory /users/sftp/sftpUser
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no
Directories:
    drwxr-xr-x 3 root root 4096 Oct 20 10:59 users
    drwxr-xr-x 3 root root 4096 Oct 20 11:00 sftp
    drwxr-xr-x 2 root root 4096 Oct 20 11:00 sftpUser
cat /var/log/auth.log
    Oct 20 10:58:22 w1 sshd[24634]: Accepted password for sftpUser from 201.156.103.213 port 34106 ssh2
    Oct 20 10:58:22 w1 sshd[24636]: fatal: bad ownership or modes for chroot directory component "/"
sftpUser has no home, bin/false and is a member of the user group. On the client side I'm getting the famous Write failed: Broken pipe and then the connection is dropped. Commenting out the ChrootDirectory command in sshd_config makes the connection, but gets the user loose. What am I doing wrong?
-
ostendali over 8 years
It is a very basic problem and the auth.log is telling you what exactly the problem is: wiki.archlinux.org/index.php/SFTP_chroot
-
Michael Hampton over 8 years
Run ls -ld / and show the output.
-
Luis M. Valenzuela over 8 years
You're right!!!!
    drwxr-xr-x 28 suzukiweb suzukiweb 4096 Oct 20 10:59 /
It seems that the root directory (/) is owned by another user, but listing without the -ld modifier didn't show it...
-
-
Jakuje over 8 years
This is the users directory. What does the root directory look like, as proposed in comments?
ls -ld /
-
Luis M. Valenzuela over 8 years
With your answer combined with the comment provided by Michael Hampton the problem was solved. It seems that the root (/) directory was owned by another user different from root. Corrected it with:
chown root:root /
-
Jakuje over 8 years
If this answer worked for you, please mark it as a solution so it can help the others.
-
Kondybas about 7 years
I want to clarify that / means "directory that becomes / for chrooted user"
-
Jakuje about 7 years
@Kondybas No. In this case, the / is really the / of the filesystem, which has the wrong permissions. But the error can look a different way if you have the permissions wrong somewhere else.
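
The rule quoted from sshd_config(5) applies to every component of the ChrootDirectory path, so the same fatal error can name any of them. The following is an added example, not part of the original thread and not OpenSSH's own code, that walks the path from / down and reports each component that is not a root-owned directory or is writable by group or other. The FakeStat sample and uid 1000 are constructed to reproduce the situation in the question.

```python
import os
import stat
import sys
from collections import namedtuple

FakeStat = namedtuple("FakeStat", "st_uid st_mode")  # stand-in for os.stat_result

def path_components(chroot_dir):
    """Yield "/" and then every successive prefix of an absolute path."""
    if not os.path.isabs(chroot_dir):
        raise ValueError("ChrootDirectory must be an absolute path")
    current = "/"
    yield current
    for part in os.path.normpath(chroot_dir).split("/"):
        if part:
            current = os.path.join(current, part)
            yield current

def component_problems(st):
    """Reasons one component breaks the rule quoted from sshd_config(5)."""
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != 0:
        problems.append("owner uid %d is not root" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("mode %04o is group/other writable" % stat.S_IMODE(st.st_mode))
    return problems

def audit_chroot(chroot_dir, stat_fn=os.stat):
    """Check every component, not only the leaf; return [(path, reasons)]."""
    findings = []
    for component in path_components(chroot_dir):
        problems = component_problems(stat_fn(component))
        if problems:
            findings.append((component, problems))
    return findings

# Constructed sample reproducing the question: "/" owned by a non-root user
# (uid 1000 is an assumed value), every other component root:root 0755.
DIR_755 = stat.S_IFDIR | 0o755
SAMPLE = {"/": FakeStat(1000, DIR_755), "/users": FakeStat(0, DIR_755),
          "/users/sftp": FakeStat(0, DIR_755),
          "/users/sftp/sftpUser": FakeStat(0, DIR_755)}

if __name__ == "__main__":
    results = (audit_chroot(sys.argv[1]) if len(sys.argv) > 1  # real filesystem
               else audit_chroot("/users/sftp/sftpUser", SAMPLE.__getitem__))
    for path, reasons in results:
        print("%s: %s" % (path, "; ".join(reasons)))
    sys.exit(1 if results else 0)
```

Run with a path argument it checks the real filesystem; with no argument it reports the constructed sample.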