CentOS – Chroot issue, broken pipe

centos chroot permissions ssh

I need to give access to a developer to our server via ssh. I hosted his web on /home/miuser and some other web applications in /home/… I have this config in my

Subsystem sftp internal-sftp
Match User miuser
        ChrootDirectory /home/miuser/
        ForceCommand internal-sftp
        AllowTCPForwarding no
        X11Forwarding no

I set a password for the user and gave permissions:

chown root:root /home/miuser
chmod 755 /home/miuser

When I tried to connect via ssh with this user I got a "broken pipe" error, and if I check /var/log/secure I see this:

fatal: bad ownership or modes for chroot directory component "/home/"

I read that this problem is a permission problem, that all parent folders must belong to root for sftp chroot to work. I have a bunch of applications on home and some of them don't belong to root. Is there any way to solve this problem?

Thanks in advance

UPDATE:
/home permissions:

[root@localhost ~]# ls -la /home/
total 27024
drwxr-xr-x 17 apache       root             4096 may 16  2013 .
drwxr-xr-x 27 root         root             4096 nov 19 10:06 ..
drwxr-xr-x  7 root         root             4096 may  4  2012 [foldername]
drwx------  2 golaizola    davfs2           4096 ene 25  2011 [foldername]
drwxr-xr-x  7 root         root             4096 mar  5  2012 [foldername]
drwxr-xr-x  5 root         root             4096 ene 17  2013 [foldername]
drwx------  5 golaizola    golaizola        4096 oct 19  2009 [foldername]
drwxr-xr-x 20 root         root             4096 abr  9  2013 [foldername]
drwxr-xr-x  9 root         root             4096 nov 21  2012 [foldername]
drwxrws---  8 moodlegureak moodlegureak     4096 nov 12  2012 [foldername]
drwxrws---  7 portalgureak portalgureak     4096 abr 13  2012 [foldername]
drwxrws---  5 srmgureak    srmgureak        4096 nov 24  2010 [foldername]
-rw-r--r--  1 apache       root            87730 ene 31  2011 [foldername]
drwxrwxrwx  9 root         root             4096 mar  3  2011 [foldername]
drwxr-xr-x 20 root         root             4096 abr  9  2013 miuser



[root@localhost ~]# ls -ld /home
drwxr-xr-x 17 apache root 4096 may 16  2013 /home

The chroot folder is the last one.

Best Answer

See there: https://wiki.archlinux.org/index.php/SFTP-chroot#Troubleshooting

Your /home must be owned by root and not apache.

If for any reason we can't change /home rights (but I can't see any reason you can't, except if Apache HTTPD server needs to create files in /home):

  • either use another "/home" for such users (for instance /chroot or /chroot/home)
  • or you can also use ProFTPD with SFTP support (and the DefaultRoot directive)
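
To find which component triggers the "bad ownership or modes" message before a login fails, the path can be audited the way sshd treats it: every component from / down to the ChrootDirectory must be a root-owned directory that is not writable by group or others. The script below is an added example, not part of the original question or answer and not OpenSSH code; the name audit_chroot and the sample data (including uid 48 for apache) are assumptions made for illustration.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result, used for the constructed sample below.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")


def audit_chroot(path, stat_fn=os.stat):
    """Return [(component, problem), ...] for every path component that
    would make sshd refuse the chroot; an empty list means the path passes."""
    problems = []
    component = "/"
    # Walk "/", "/home", "/home/miuser", ... from the root downwards.
    parts = [p for p in os.path.normpath(path).split("/") if p]
    for part in [""] + parts:
        component = os.path.join(component, part)
        st = stat_fn(component)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((component, "not a directory"))
            break
        if st.st_uid != 0:
            problems.append((component, "owner is uid %d, not root" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((component, "writable by group or others (mode %o)"
                             % stat.S_IMODE(st.st_mode)))
    return problems


# Constructed sample modelled on the listing in the question; uid 48 for
# "apache" is an assumption, any non-zero uid fails the same way.
SAMPLE = {
    "/": FakeStat(0, stat.S_IFDIR | 0o755),
    "/home": FakeStat(48, stat.S_IFDIR | 0o755),
    "/home/miuser": FakeStat(0, stat.S_IFDIR | 0o755),
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        found = audit_chroot(sys.argv[1])          # real filesystem
    else:
        found = audit_chroot("/home/miuser/", SAMPLE.__getitem__)
    for comp, why in found:
        print("%s: %s" % (comp, why))
```

Run with a path argument (as root or any user who can stat the components) to audit the real filesystem; with no argument it reports on the constructed sample.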