How to use ChrootDirectory

First of all, I don't know what ChrootDirectory is. I saw an example that was working, as you can see in example A, but when I change the setting it doesn't work, as in example B.

A:
User1:x:500:500::/var/www:/bin/bash
Set /etc/ssh/sshd_config to
ChrootDirectory %h
This way user1 can log in to /var/www/ using sftp.

B:
But when I change
User1:x:500:500::/var/www/html/public:/bin/bash
And ChrootDirectory /var/www/html/public

The user can't log in; I get the following error:

Accepted password for user1 from 10.1.3.76 port 53711 ssh2
pam_unix(sshd:session): session opened for user user1 by (uid=0)
fatal: bad ownership or modes for chroot directory "/var/www/public"
pam_unix(sshd:session): session closed for user user1
Asked by: rawandnet

turnbulld Commented:
What is the output of ls -l /var/www/public? It appears that ssh is complaining that the directory chosen isn't owned by user user1.
rawandnet (Author) Commented:
I gave the public folder full control to all users: chmod -R 777.

drwxrwxrwx  2 user1  root 4096 Apr 18 13:56 public
turnbulld Commented:
Ok. It seems that the rules are as follows for using ChrootDirectory:

- the path and all the paths leading to it must be owned by root

- the path and all the paths leading to it must not be group or world writeable

- the path and all the paths leading to it must actually be directories (duh :) )

So, /var, /var/html, /var/html/www, and /var/html/www/public must all have no more permissive mode than 755 and be owned by root.

http://www.tenshu.net/archives/2008/10/09/openssh-51-chrootdirectory-permissions-issue/
rawandnet (Author) Commented:
I managed to log in to the folder using your instructions, but I can't upload files because it has 755 permissions, which is:
drwxr-xr-x 2 root root 4096 Apr 18 17:38 chroot/

chroot location is /chroot
turnbulld Commented:
Probably you'll have to create a sub-directory with the necessary permissions. Based on how the code for the functionality is written, it seems you just can't use the new root folder itself.
rawandnet (Author) Commented:
Your advice solved the problem, thank you.
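The ownership and mode rules listed in the thread, as an added example that is not part of the original posts and is not sshd's own code: it walks every component from / to the chroot directory and reports each violation, so the failing component is visible before a login attempt. The sample stat data is constructed from the thread's values (uid 500, mode 777 on public); `audit_chroot`, `path_components`, `FakeStat` and `SAMPLE` are names chosen for this illustration.

```python
import os
import stat
import sys
from collections import namedtuple

# Stand-in for os.stat_result, used only by the constructed sample below.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")

def path_components(path):
    """'/var/www/public' -> ['/', '/var', '/var/www', '/var/www/public']"""
    if not os.path.isabs(path):
        raise ValueError("chroot path must be absolute")
    parts = [p for p in path.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]

def audit_chroot(path, stat_fn=os.stat):
    """Return (component, problem) pairs for every rule the path breaks."""
    findings = []
    for comp in path_components(path):
        try:
            st = stat_fn(comp)
        except OSError as exc:
            findings.append((comp, f"cannot stat: {exc.strerror}"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((comp, "not a directory"))
        if st.st_uid != 0:
            findings.append((comp, f"owned by uid {st.st_uid}, not root"))
        if st.st_mode & 0o022:  # group-write or world-write bit set
            mode = stat.S_IMODE(st.st_mode)
            findings.append((comp, f"group/world writable (mode {mode:o})"))
    return findings

# Constructed sample: parents are root:755, public is uid 500 with mode 777.
SAMPLE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/var": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/var/www": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/var/www/public": FakeStat(stat.S_IFDIR | 0o777, 500),
}

if __name__ == "__main__":
    # With an argument, audit the real filesystem; otherwise use the sample.
    findings = (audit_chroot(sys.argv[1]) if len(sys.argv) > 1
                else audit_chroot("/var/www/public", SAMPLE.__getitem__))
    for comp, problem in findings:
        print(f"{comp}: {problem}")
```

A user-writable upload sub-directory sits below the chroot directory, so it is not one of the components checked here and can keep the user's ownership.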