  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1084

bad ownership or modes for chroot directory

CentOS 7. User no longer able to access home dir. Secure log shows fatal: bad ownership or modes for chroot directory "/home/username" [postauth]. Root owns /home, user owns /home/username. Permissions are currently at 755. What am I missing?
0
SpyderDesigns
Asked:
1 Solution
 
Jan Springer Commented:
ls -lZd /home/username

What is the complete output?
0
 
SpyderDesigns (Author) Commented:
drwxr-xr-x. username groupname unconfined_u:object_r:user_home_dir_t:s0 /home/username
0
 
Jan Springer Commented:
chmod -R user:group /home/user
restorecon -R /home/user

ls -lZR /home/user

grep user /etc/passwd
0

 
SpyderDesigns (Author) Commented:
Assume you mean chown. Yeah, tried restorecon. Turned off SELinux temporarily. Same problem.

Grep shows user:x:1001:1003::/home/userdir:/sbin/nologin. Believe that is what I want, as I want sftp but not ssh.
0
 
Jan Springer Commented:
You want "lshell".  Install it, add it to /etc/shells, and change the account shell.

It's a restricted shell that can be used with ssh/sftp/scp that chroots the user and allows you to specify what commands can be run.

I use it and love it.
0
 
SpyderDesigns (Author) Commented:
Forgot, files show unconfined_u:object_r:user_home_t:s0
0
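sshd accepts a ChrootDirectory only if every component of the path, the directory itself included, is owned by root and is not writable by group or others (see sshd_config(5)). The script below is an added example, not part of the thread: it applies that test to a path and each of its parents and reports which component fails. It assumes GNU stat as shipped on CentOS 7; `component_ok` and `check_chroot_path` are names chosen here.

```shell
#!/bin/sh
# Added example: mirrors the per-component ownership/mode test that sshd
# applies to a ChrootDirectory path. Assumes GNU stat (coreutils).

# component_ok UID MODE
# Succeeds only if the owner is root (uid 0) and neither the group-write (020)
# nor the other-write (002) bit is set in the octal MODE.
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Tests DIR and every parent up to /. Prints one line per component and
# returns 1 if any component would be rejected, 2 on a non-absolute path.
check_chroot_path() {
    p=$1
    rc=0
    case $p in
        /*) ;;
        *) echo "need an absolute path: $p" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$p" ]; then
            echo "FAIL $p (not a directory)"
            rc=1
        else
            uid=$(stat -L -c '%u' "$p")    # numeric owner
            mode=$(stat -L -c '%a' "$p")   # octal permission bits
            if component_ok "$uid" "$mode"; then
                echo "ok   $p (uid=$uid mode=$mode)"
            else
                echo "FAIL $p (uid=$uid mode=$mode)"
                rc=1
            fi
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /home/username
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run against the directory named in the sshd log line, a user-owned directory at mode 755 is reported as FAIL on the ownership test alone.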
