How to use ChrootDirectory

First of all, I don't know what ChrootDirectory is. I saw an example and it was working, as you can see in example A, but when I change the setting it doesn't work, as in example B.

A:
User1:x:500:500::/var/www:/bin/bash
Set /etc/ssh/sshd_config to
ChrootDirectory %h
This way user1 can log in to /var/www/ using sftp.

B:
But when I change
User1:x:500:500::/var/www/html/public:/bin/bash
And ChrootDirectory /var/www/html/public

The user can't log in; I get the following error:

Accepted password for user1 from 10.1.3.76 port 53711 ssh2
pam_unix(sshd:session): session opened for user user1 by (uid=0)
fatal: bad ownership or modes for chroot directory "/var/www/public"
pam_unix(sshd:session): session closed for user user1
rawandnet Asked:
 
turnbulld Commented:
Ok. It seems that the rules are as follows for using ChrootDirectory:

- the path and all the paths leading to it must be owned by root

- the path and all the paths leading to it must not be group or world writeable

- the path and all the paths leading to it must actually be directories (duh :) )

So, /var, /var/html, /var/html/www, and /var/html/www/public must all have no more permissive mode than 755 and be owned by root.

http://www.tenshu.net/archives/2008/10/09/openssh-51-chrootdirectory-permissions-issue/
0
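Added example (not part of the original thread, and not OpenSSH's own code): a Python check that walks every component of a ChrootDirectory path and reports each violation of the three rules listed in the comment above. The function names and the constructed sample tree (uid 500 and mode 777 on the public directory, matching the ls output posted in this thread) are assumptions for illustration.

```python
import os
import stat
import sys
from collections import namedtuple

def chroot_components(path):
    """Return ['/', '/var', '/var/www', ...] for an absolute path."""
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    comps, current = ["/"], "/"
    for part in os.path.normpath(path).strip("/").split("/"):
        if part:
            current = os.path.join(current, part)
            comps.append(current)
    return comps

def check_chroot_path(path, stat_fn=os.stat):
    """Return (component, problem) pairs; an empty list means the path passes."""
    problems = []
    for comp in chroot_components(path):
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append((comp, "cannot stat: %s" % exc))
            continue
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append((comp, "group or world writable (mode %o)" % mode))
    return problems

# Constructed sample data so the check can be exercised without root.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")
ROOT_755 = FakeStat(0, stat.S_IFDIR | 0o755)
SAMPLE_TREE = {
    "/": ROOT_755, "/var": ROOT_755, "/var/www": ROOT_755, "/chroot": ROOT_755,
    "/var/www/public": FakeStat(500, stat.S_IFDIR | 0o777),  # uid 500, mode 777
}

def sample_stat(path):
    if path not in SAMPLE_TREE:
        raise FileNotFoundError(path)
    return SAMPLE_TREE[path]

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/www/public"
    stat_fn = os.stat if len(sys.argv) > 1 else sample_stat
    for comp, problem in check_chroot_path(target, stat_fn):
        print("%s: %s" % (comp, problem))
```

Run with a real path as the only argument to check the live filesystem; with no argument it reports on the constructed sample tree.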
 
turnbulld Commented:
What is the output of ls -l /var/www/public? It appears that ssh is complaining that the directory chosen isn't owned by user user1.
0
 
rawandnet Author Commented:
I gave the public folder full control to all users: chmod -R 777.

drwxrwxrwx  2 user1  root 4096 Apr 18 13:56 public
0
 
rawandnet Author Commented:
I managed to log in to the folder using your instructions, but I can't upload files because it has 755 permissions, which is:
drwxr-xr-x 2 root root 4096 Apr 18 17:38 chroot/

chroot location is /chroot
0
 
turnbulld Commented:
Probably you'll have to create a sub-directory with the necessary permissions.  Based on how the code for the functionality is written, it seems you just can't use the new root folder itself.
0
 
rawandnet Author Commented:
Your advice solved the problem, thank you.
0
Question has a verified solution.