0

I added the below to sshd_config. When I chmod 770 the user folder I get this error. Why? How can I make the folder only readable to the user or group? The owner currently is root and the group is currently that username.

fatal: bad ownership or modes for chroot directory

-edit- This is for a user to sftp to store files. Only that user or that group should access that folder. I don't understand why I can't change the permission from 755 to 775 either. Adding write permission gives me an error when I try to log in as the user.

sshd_config:

Match group SomeGroup
         ChrootDirectory /mnt/somedir/%u
         X11Forwarding no
         AllowTcpForwarding no
         ForceCommand internal-sftp
  • There is no need to have write permission for the user (or in this case the user group). Actually, it's a pretty bad idea, because otherwise the user is able to modify files in that directory. – Olli Apr 02 '11 at 19:49
  • @Olli: Well, it's his storage... he should be able to modify all the files he wants... and no one else should see it –  Apr 02 '11 at 20:18

1 Answer

2

From the sshd_config(5) man page:

 ChrootDirectory
         Specifies a path to chroot(2) to after authentication.  This
         path, and all its components, must be root-owned directories that
         are not writable by any other user or group.

You need to turn off the group-write bit.

justarobert
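The man page rule quoted in the answer applies to the chroot path and to every parent directory above it. As an added example (not part of the original answer), this script walks a path up to `/` and reports each component that breaks the rule. The function names, the `owner_uid` parameter (there only so the check can be tried on non-root test directories) and the default path are assumptions for illustration.

```python
import os
import stat
import sys


def component_problem(st_uid, st_mode, owner_uid=0):
    """Return why one path component breaks the ChrootDirectory rule, or None."""
    if not stat.S_ISDIR(st_mode):
        return "not a directory"
    if st_uid != owner_uid:
        return f"owned by uid {st_uid}, not uid {owner_uid}"
    # Group-write (020) or other-write (002) set: this is what 770 and 775 trip.
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return f"mode {stat.S_IMODE(st_mode):04o} is group- or world-writable"
    return None


def check_chroot_path(path, owner_uid=0):
    """Check path and every parent up to /; return {component: problem}."""
    problems = {}
    current = os.path.abspath(path)
    while True:
        st = os.stat(current)  # follows symlinks
        reason = component_problem(st.st_uid, st.st_mode, owner_uid)
        if reason:
            problems[current] = reason
        parent = os.path.dirname(current)
        if parent == current:  # reached /
            break
        current = parent
    return problems


if __name__ == "__main__":
    # Constructed default, following the question's /mnt/somedir/%u pattern.
    target = sys.argv[1] if len(sys.argv) > 1 else "/mnt/somedir/exampleuser"
    try:
        found = check_chroot_path(target)
    except OSError as exc:
        sys.exit(f"cannot stat path: {exc}")
    for component, reason in found.items():
        print(f"{component}: {reason}")
    sys.exit(1 if found else 0)
```

Modes 755 and 750 pass for a root-owned directory; 770 and 775 are reported because the group-write bit is set.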