
I created a new group and user so it can connect to the server using SFTP. This user's directory is set to /var/www. Running ls -ld gave me the following result:

drwxr-xr-x 4 root sftponly 4096 Aug 12 04:05 /var/www/

sftponly is the group and mysftpuser is the user which is part of this group.

I was able to successfully connect using an SFTP client but was unable to delete any file inside www. So I ran the following command to change the permissions:

sudo chmod 775 /var/www/

Now running ls -ld gives me the following result:

drwxrwxr-x 4 root sftponly 4096 Aug 12 04:05 /var/www/

But now whenever I try to connect to SFTP using the user mysftpuser I get this error in auth.log:

fatal: bad ownership or modes for chroot directory "/var/www"

What did I do wrong, and how do I fix this issue?

EDIT

sshd_config

Match group sftponly
ChrootDirectory /var/www
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Frank Martin
  • I found out that if I run `sudo chmod 755 /var/www` then I am able to connect to FTP but cannot delete. If I change it back to `sudo chmod 775 /var/www` then I can't connect. I want to be able to connect and delete both. – Frank Martin Aug 12 '17 at 13:12
  • Set 755 on /var/www and put the content in a subfolder of /var/www. – Florin Asăvoaie Aug 12 '17 at 13:18
  • This is what I am already doing. If I set `sudo chmod 755 /var/www` then I cannot create, delete or rename any folder or file inside it. Only read works. – Frank Martin Aug 12 '17 at 13:23
  • I have updated my post with `sshd_config` setting in case someone wants to see. – Frank Martin Aug 12 '17 at 13:35
  • ChrootDirectory Specifies the pathname of a directory to chroot(2) to after authentication. At session startup sshd(8) checks that all components of the pathname are root-owned directories which are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory. – c4f4t0r Aug 12 '17 at 14:45
  • So what do you suggest to fix this issue? – Frank Martin Aug 12 '17 at 14:53
  • Does anyone have a suggestion? I have been trying for hours to fix this issue but no luck. I created a new dir inside `/var/www` but it has the same issue. Even if I give 777 permission on `/var/www` then I cannot connect to SFTP. It will only connect if `/var/www/` has 755 permission but then it won't let me delete, rename etc. – Frank Martin Aug 12 '17 at 16:02
