I need to give access to a developer to our server via ssh. I hosted his web on /home/miuser and some other web applications in /home/… I have this config in my
Subsystem sftp internal-sftp
Match User miuser
ChrootDirectory /home/miuser/
ForceCommand internal-sftp
AllowTCPForwarding no
X11Forwarding no
I set a password for the user and gave permissions:
chown root:root /home/miuser
chmod 755 /home/miuser
When I tried to connect via ssh with this user I get a "broken pipe" error, and if I check /var/log/secure I see this:
fatal: bad ownership or modes for chroot directory component "/home/"
I read that this problem is a permission problem, that all parent folders must belong to root for sftp chroot to work. I have a bunch of applications on home and some of them don't belong to root. Is there any way to solve this problem?
Thanks in advance
UPDATE:
/home permissions:
[root@localhost ~]# ls -la /home/
total 27024
drwxr-xr-x 17 apache root 4096 may 16 2013 .
drwxr-xr-x 27 root root 4096 nov 19 10:06 ..
drwxr-xr-x 7 root root 4096 may 4 2012 [foldername]
drwx------ 2 golaizola davfs2 4096 ene 25 2011 [foldername]
drwxr-xr-x 7 root root 4096 mar 5 2012 [foldername]
drwxr-xr-x 5 root root 4096 ene 17 2013 [foldername]
drwx------ 5 golaizola golaizola 4096 oct 19 2009 [foldername]
drwxr-xr-x 20 root root 4096 abr 9 2013 [foldername]
drwxr-xr-x 9 root root 4096 nov 21 2012 [foldername]
drwxrws--- 8 moodlegureak moodlegureak 4096 nov 12 2012 [foldername]
drwxrws--- 7 portalgureak portalgureak 4096 abr 13 2012 [foldername]
drwxrws--- 5 srmgureak srmgureak 4096 nov 24 2010 [foldername]
-rw-r--r-- 1 apache root 87730 ene 31 2011 [foldername]
drwxrwxrwx 9 root root 4096 mar 3 2011 [foldername]
drwxr-xr-x 20 root root 4096 abr 9 2013 miuser
[root@localhost ~]# ls -ld /home
drwxr-xr-x 17 apache root 4096 may 16 2013 /home
The chroot folder is the last one.
Best Answer
See there: https://wiki.archlinux.org/index.php/SFTP-chroot#Troubleshooting
Your /home must be owned by root and not apache.
If for any reason we can't change /home rights (but I can see any reason you can't, except if Apache HTTPD server needs to create files in /home):
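
Added example (not part of the original question or answer): a POSIX shell check that walks every component of a ChrootDirectory path and reports the ones that would trigger the "bad ownership or modes for chroot directory component" error quoted above. It applies the rule that each component must be a directory owned by root with no group or other write bit. It assumes GNU `stat` and `readlink -f`; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit a ChrootDirectory path before pointing sshd at it.
# Assumes GNU coreutils (stat -c, readlink -f). Function names are hypothetical.

# component_ok UID OCTAL_MODE
# Returns 0 when a path component is root-owned and not group/other writable.
component_ok() {
    [ "$1" -eq 0 ] || return 1                 # owner must be uid 0
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1     # no g+w or o+w bit
    return 0
}

# check_chroot_path DIR
# Prints one verdict per component from / down to DIR.
# Exit status: 0 all components pass, 1 at least one fails, 2 path unresolvable.
check_chroot_path() (
    target=$(readlink -f -- "$1") || exit 2
    path=/
    rest=${target#/}
    rc=0
    while :; do
        if [ ! -d "$path" ]; then
            echo "BAD $path (not a directory)"
            rc=1
        else
            uid=$(stat -c %u -- "$path")
            mode=$(stat -c %a -- "$path")
            if component_ok "$uid" "$mode"; then
                echo "ok  $path (uid=$uid mode=$mode)"
            else
                echo "BAD $path (uid=$uid mode=$mode)"
                rc=1
            fi
        fi
        if [ -z "$rest" ]; then break; fi
        path=${path%/}/${rest%%/*}             # descend one component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
    exit "$rc"
)

# Example call for the layout in the question: check_chroot_path /home/miuser
```

With the listing from the question, `/home` would be reported as BAD because it is owned by apache, while `/home/miuser` itself (root, 755) passes.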