rawandnet
asked on
How to use ChrootDirectory
First of all, I don't know what ChrootDirectory is. I saw an example that was working, as you can see in example A, but when I change the setting it doesn't work, as in example B.
A:
User1:x:500:500::/var/www:/bin/bash
Set /etc/ssh/sshd_config to
ChrootDirectory %h
This way user1 can log in to /var/www/ using sftp.
B:
But when I change to
User1:x:500:500::/var/www/html/public:/bin/bash
and ChrootDirectory /var/www/html/public
the user can't log in. I get the following error:
Accepted password for user1 from 10.1.3.76 port 53711 ssh2
pam_unix(sshd:session): session opened for user user1 by (uid=0)
fatal: bad ownership or modes for chroot directory "/var/www/public"
pam_unix(sshd:session): session closed for user user1
What is the output of ls -l /var/www/public? It appears that ssh is complaining that the directory chosen isn't owned by user user1.
ASKER
I gave the public folder full control to all users with chmod -R 777.
drwxrwxrwx 2 user1 root 4096 Apr 18 13:56 public
ASKER CERTIFIED SOLUTION
ASKER
I managed to log in to the folder using your instruction, but I can't upload a file because it has 755 permissions, which is:
drwxr-xr-x 2 root root 4096 Apr 18 17:38 chroot/
chroot location is /chroot
Probably you'll have to create a sub-directory with the necessary permissions. Based on how the code for the functionality is written, it seems you just can't use the new root folder itself.
ASKER
Your advice solved the problem, thank you.
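
The rule behind the "bad ownership or modes for chroot directory" error, as an added example that is not part of the original thread: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, which is why uploads go into a sub-directory inside the chroot. The function names and the owner_uid and base parameters are assumptions made here so the check can be exercised without root; this mirrors the documented rule, not sshd's own code.

```python
import os
import stat

def component_reasons(uid, mode, owner_uid=0):
    """Reasons one path component breaks the sshd_config(5) ChrootDirectory rule."""
    reasons = []
    if not stat.S_ISDIR(mode):
        reasons.append("not a directory")
    if uid != owner_uid:
        reasons.append(f"owned by uid {uid}, expected {owner_uid}")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append(f"group/other writable (mode {stat.S_IMODE(mode):04o})")
    return reasons

def chroot_path_problems(chroot, owner_uid=0, base=os.sep):
    """Check every component from `base` down to `chroot`.

    Returns [(path, reasons)] for each failing component. owner_uid and base
    are assumptions for testing without root; for a real sshd setup keep
    the defaults (uid 0, starting at "/").
    """
    chroot = os.path.abspath(chroot)
    base = os.path.abspath(base)
    if os.path.commonpath([chroot, base]) != base:
        raise ValueError(f"{chroot} is not under {base}")
    rest = os.path.relpath(chroot, base)
    parts = [] if rest == os.curdir else rest.split(os.sep)
    problems = []
    current = base
    for part in [None] + parts:          # None = check `base` itself first
        if part is not None:
            current = os.path.join(current, part)
        st = os.stat(current)            # follows symlinks
        reasons = component_reasons(st.st_uid, st.st_mode, owner_uid)
        if reasons:
            problems.append((current, reasons))
    return problems

if __name__ == "__main__":
    import sys
    # Constructed from the listing in the thread: drwxrwxrwx user1 (uid 500) root
    print("asker's directory:", component_reasons(500, stat.S_IFDIR | 0o777))
    # Optional: pass a real chroot path to check it from "/" down.
    if len(sys.argv) > 1:
        for path, reasons in chroot_path_problems(sys.argv[1]):
            print(f"{path}: {'; '.join(reasons)}")
```

A writable directory such as /chroot/upload is not a component of the chroot path itself, so it can be owned by the user without tripping the check.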