Ssh – bad ownership or modes for chroot directory component


I created the user MY_USER. Set his home dir to /var/www/RESTRICTED_DIR, which is the path he should be restricted to.
Then I edited sshd_config and set:

Match user MY_USER
  ChrootDirectory /var/www/RESTRICTED_DIR

Then I restarted ssh, made MY_USER owner (and group owner) of RESTRICTED_DIR, and chmodded it to 755. I get:

Accepted password for MY_USER
session opened for user MY_USER by (uid=0)
fatal: bad ownership or modes for chroot directory component "/var/www/RESTRICTED_DIR"
pam_unix(sshd:session): session closed for user MY_USER

If I remove the 2 lines from sshd_config, the user can log in successfully. Of course, he can then access the whole server, though. What's the problem? I even tried to chown RESTRICTED_DIR to root (as I read somewhere that someone solved this same problem by doing that). No luck.

Best Answer

From the man page:

ChrootDirectory
Specifies the pathname of a directory to chroot(2) to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory.

My guess is one or more of the directories on the path do not meet those requirements (my suspicion is www is owned or writable by your web user, not root).
Go back and follow the directions, ensuring that the requirements above in bold italics are met.
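
The script below is an added example, not part of the original answer. It applies the rule from the man page excerpt to every component of a path, from the leaf up to /, and reports each one's owner and mode. It assumes a Linux host with GNU or BusyBox stat; the function names component_ok and check_chroot_path are illustrative.

```shell
#!/bin/sh
# Audit a ChrootDirectory path against the sshd_config(5) rule quoted above:
# every component must be a root-owned directory that is not writable by
# group or other. Assumes GNU/BusyBox stat (-L -c '%u %a').

# component_ok UID OCTAL_MODE -> status 0 if owner is root and no g+w / o+w bit
component_ok() {
    [ "$1" -eq 0 ] || return 1
    # 022 (octal) masks the group-write and other-write permission bits.
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path /abs/path -> status 0 only if every component passes
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 2 ;;
    esac
    comp=$1 rc=0
    while :; do
        if [ ! -d "$comp" ]; then
            echo "FAIL $comp (not a directory)"; rc=1
        else
            # -L follows symlinks, so the target's owner and mode are checked.
            set -- $(stat -L -c '%u %a' "$comp")
            if component_ok "$1" "$2"; then
                echo "ok   $comp (uid=$1 mode=$2)"
            else
                echo "FAIL $comp (uid=$1 mode=$2)"; rc=1
            fi
        fi
        [ "$comp" = / ] && break
        comp=$(dirname "$comp")
    done
    return $rc
}

# Run as a script: sh check_chroot.sh /var/www/RESTRICTED_DIR
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Any line marked FAIL names a component that needs `chown root` or has a group/other write bit to clear before the chroot will be accepted.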