I am trying to chroot a "test" user (group sftp) to /home/test. I've added the following lines at the end of my sshd_config:
Subsystem sftp internal-sftp
Match User test
ChrootDirectory /home/test
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
home and test directories have 755 permissions and are owned by root. I have also tried with ChrootDirectory /home.
root@Debian:/# namei -l /home/test
f: /home/test
drwxrwxrwx root root /
drwxr-xr-x root root home
drwxr-xr-x root root test
I am unable to connect to the server via SFTP or SSH (whether I include Subsystem sftp internal-sftp and ForceCommand internal-sftp or not). As soon as I log in I get the following message:
Write failed: Broken pipe
... and the following is appended to auth.log:
May 12 13:48:29 Reach sshd[25503]: Accepted password for test from 192.168.0.10 port 51058 ssh2
May 12 13:48:29 Reach sshd[25503]: pam_unix(sshd:session): session opened for user test by (uid=0)
May 12 13:48:29 Reach sshd[25505]: fatal: bad ownership or modes for chroot directory component "/"
May 12 13:48:29 Reach sshd[25503]: pam_unix(sshd:session): session closed for user test
Apparently the problem is it's trying to chroot to "/" when it should be "/home/test". What am I missing? I've left the rest of sshd_config to default values, and there is no other ChrootDirectory directive...
Thank you.
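
An added example, not part of the original post: sshd_config(5) requires every component of the ChrootDirectory path, from "/" down, to be a root-owned directory that is not writable by group or others. The script below applies that rule to `namei -l` output such as the listing in the question; the function names are hypothetical and the second sample listing is constructed.

```shell
#!/bin/sh
# Added example: apply sshd's ChrootDirectory rule to `namei -l` output.
# Rule (sshd_config(5)): every component of the path must be a root-owned
# directory that is not writable by group or others.

# Reads `namei -l <path>` output on stdin, prints one verdict per component,
# returns 1 if any component breaks the rule. Assumes no symlinks in the path;
# a symlink line is reported as not-a-directory for manual review.
audit_chroot_components() {
    awk '
        /^f: / { next }                      # header line naming the path
        NF >= 4 {
            mode = $1; owner = $2; name = $4; why = ""
            if (substr(mode, 1, 1) != "d") why = why " not-a-directory"
            if (owner != "root")           why = why " owner=" owner
            if (substr(mode, 6, 1) == "w") why = why " group-writable"
            if (substr(mode, 9, 1) == "w") why = why " world-writable"
            if (why != "") { printf "BAD  %s %s:%s\n", mode, name, why; bad = 1 }
            else           { printf "OK   %s %s\n", mode, name }
        }
        END { exit bad + 0 }
    '
}

# Listing copied from the question above.
sample_from_question() {
    cat <<'EOF'
f: /home/test
drwxrwxrwx root root /
drwxr-xr-x root root home
drwxr-xr-x root root test
EOF
}

# Constructed listing: same path with "/" at mode 755.
sample_constructed_ok() {
    cat <<'EOF'
f: /home/test
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-xr-x root root test
EOF
}

# Live use on a server: namei -l /home/test | audit_chroot_components
sample_from_question | audit_chroot_components \
    || echo "at least one component would be rejected by sshd"
```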