Chrooted SFTP accounts - problem

If none of the more specific forums is the right place to ask

Chrooted SFTP accounts - problem

Postby Pulsedriver » 2017-10-26 01:16

I need to create SFTP only account that is jailed in his home directory, so I edited /etc/ssh/sshd_config and added:

Code: Select all
Subsystem sftp internal-sftp

Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no

Then I created a group and user:

Code: Select all
addgroup sftponly
useradd blabla
usermod blabla -g sftponly
usermod blabla -s /bin/false
usermod blabla -d /data/www/test/
passwd blabla

I set up the new password...
... and added to /etc/shells this at the end: /bin/false

Then I restarted ssh:

Code: Select all
service ssh restart

Then I tried to connect to SFTP, listed directories and it worked, but the problem is I cannot write any file to this folder. I allways get Permission denied error.

So I've tried:

1st try - Change the owner of /data/www/test/ to blabla and / or his group sftponly - result: cannot connect to SFTP with user blabla (permission denied) - changing the owner back to root makes it work again
2nd try - Change rights of /data/www/test/ to 777 - result: cannot connect to SFTP with user blabla (permission denied) - setting back to 755 makes it work again
3rd try - using setfacl like: setfacl -m "u:blabla:rwx" /data/www/test/ - result: cannot connect to SFTP with user blabla (permission denied) - deleting this right by setfacl -b /data/www/test/ makes it work again

Any suggestions? How can I set rights so I can write files in user's home directory using SFTP?

Thanks in advance.
Posts: 1
Joined: 2017-10-26 00:54

Re: Chrooted SFTP accounts - problem

Postby debiman » 2017-10-28 09:14

User avatar
Posts: 3021
Joined: 2013-03-12 07:18

Return to General Questions

Who is online

Users browsing this forum: No registered users and 9 guests