Solved

bad ownership or modes for chroot directory

Posted on 2016-11-03
6
421 Views
Last Modified: 2016-11-21
Centos 7.  user no longer able to access home dir.   Secure log shows fatal: bad ownership or modes for chroot directory "/home/username" [postauth].  Root owns /home, user owns /home/username.  Permissions are currently at 755.   What am I missing?
0
Comment
Question by:SpyderDesigns
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 41872928
ls -lZd /home/username

What is the complete output?
0
 

Author Comment

by:SpyderDesigns
ID: 41872957
drwxr-xr-x. username groupname unconfined_u:object_r:user_home_dir_t:s0 /home/username
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 41872964
chmod -R user:group /home/user
restorecon -R /home/user

ls -lZR /home/user

grep user /etc/passwd
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:SpyderDesigns
ID: 41873100
Assume you mean chown.  Yeah tried restorecon.  Turned off selinux temporarily.  Same problem.

Grep shows user:x:1001:1003::/home/userdir:/sbin/nologin.  Believe that is what I want as I want sftp but not ssh
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 41873110
You want "lshell".  Install it, add it to /etc/shells, and change the account shell.

It's a restricted shell that can be used with ssh/sftp/scp that chroots the user and allows you to specify what commands can be run.

I use it and love it.
0
 

Author Comment

by:SpyderDesigns
ID: 41873130
Forgot, files show unconfined_u:object_r:user_home_t:s0
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Fine Tune your automatic Updates for Ubuntu / Debian
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question