OT: chroot sftp centos 7
scooter6 at gmail.com
scooter6 at gmail.com
Tue Mar 26 16:13:33 PDT 2019
Is anyone aware of anything changing as to how to chroot sftp users on
centos 7?
I have everything setup identically on new server and keep getting
fatal: bad ownership or modes for chroot di
rectory component "/" [postauth]
Every thing I know root has to own the directory in full path up until
chroot directory
The only way I can even get a sftpuser to connect is if I make them the own
of the /home directory
Old server: this is in /home
drwxr-xr-x 3 root root 4096 Oct 16 11:15 frontier
Then, if you go to /home/frontier:
drwxr-xr-x 3 frontier sftponly 4096 Mar 19 15:45 attachments
sshd_config:
Match Group sftponly
ChrootDirectory /home/%u
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
New server: this is in /home
drwxr-xr-x 4 root root 38 Mar 26 18:17 frontier
Then, if you do to /home/frontier:
drwxr-xr-x 2 frontier sftponly 6 Mar 26 19:05 attachments
sshd_config has:
Match Group sftponly
ChrootDirectory /home/%u
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
Only thing different on serves are the UID/GIDs
Old server for frontier:
id frontier
uid=1014(frontier) gid=502(sftponly) groups=502(sftponly)
New server:
id frontier
uid=2043(frontier) gid=1503(sftponly) groups=1503(sftponly)
Old server, /etc/passwd
frontier:x:1014:502::/attachments:/bin/false
New server, /etc/passwd
frontier:x:2043:1503::/attachments:/bin/false
I even tried creating a new group, new user, etc - it's typically straight
forward, but I can't get any combination to work that others swear works
for them. This isn't normally difficult but I've been working on this for
4 hours and can't get the right combination to seem to work
Has anyone successfully gotten this to work on centos 7?
thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.celestial.com/pipermail/filepro-list/attachments/20190326/6ae6eec6/attachment.html>
More information about the Filepro-list
mailing list