OT: chroot sftp centos 7

scooter6 at gmail.com scooter6 at gmail.com
Tue Mar 26 16:13:33 PDT 2019


Is anyone aware of anything changing as to how to chroot sftp users on
centos 7?
I have everything setup identically on new server and keep getting
fatal: bad ownership or modes for chroot directory component "/" [postauth]

Everything I know says root has to own the directory in the full path up
until the chroot directory

The only way I can even get a sftpuser to connect is if I make them the owner
of the /home directory

Old server:   this is in  /home

drwxr-xr-x  3 root    root    4096 Oct 16 11:15 frontier

Then, if you go to /home/frontier:

drwxr-xr-x 3 frontier sftponly 4096 Mar 19 15:45 attachments

sshd_config:

Match Group sftponly
        ChrootDirectory /home/%u
        ForceCommand internal-sftp
        X11Forwarding no
        AllowTcpForwarding no

New server:   this is in /home

drwxr-xr-x   4 root    root      38 Mar 26 18:17 frontier

Then, if you go to /home/frontier:

drwxr-xr-x 2 frontier sftponly 6 Mar 26 19:05 attachments

sshd_config has:

Match Group sftponly
        ChrootDirectory /home/%u
        ForceCommand internal-sftp
        X11Forwarding no
        AllowTcpForwarding no

Only thing different on servers are the UID/GIDs

Old server for frontier:

id frontier

uid=1014(frontier) gid=502(sftponly) groups=502(sftponly)

New server:

id frontier

uid=2043(frontier) gid=1503(sftponly) groups=1503(sftponly)

Old server, /etc/passwd
  frontier:x:1014:502::/attachments:/bin/false

New server, /etc/passwd
  frontier:x:2043:1503::/attachments:/bin/false

I even tried creating a new group, new user, etc - it's typically
straightforward, but I can't get any combination to work that others swear works
for them.  This isn't normally difficult but I've been working on this for
4 hours and can't get the right combination to seem to work

Has anyone successfully gotten this to work on centos 7?

thanks
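
The check behind that fatal message, as an added example that is not part of the original post: sshd refuses to chroot unless every component of the ChrootDirectory path, starting at "/", is a directory owned by root and not writable by group or others. The function names check_component and audit_chroot are made up here, and GNU stat (as shipped with CentOS 7) is assumed.

```shell
#!/bin/bash
# Added example: apply sshd's chroot path rule to each component of a path.

# Judge one component from its stat fields: owner uid, octal mode, file type.
# Prints the reason and returns 1 when sshd would reject the component.
check_component() {
    local uid=$1 mode=$2 type=$3
    if [ "$type" != "directory" ]; then
        echo "not a directory"; return 1
    fi
    if [ "$uid" -ne 0 ]; then
        echo "owned by uid $uid, not root"; return 1
    fi
    # 022 masks the group-write and other-write bits
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "group/other writable (mode $mode)"; return 1
    fi
    return 0
}

# Walk an absolute path from "/" down to the chroot directory itself and
# report every component. Returns 0 only if all components pass.
audit_chroot() {
    local comp=$1 rc=0 uid mode type reason
    case $comp in
        /*) ;;
        *) echo "need an absolute path" >&2; return 2 ;;
    esac
    # Parents first, so "/" is reported before /home, and so on.
    [ "$comp" = "/" ] || audit_chroot "$(dirname "$comp")" || rc=1
    # -L follows symlinks, matching the stat() call sshd makes.
    read -r uid mode type <<EOF
$(stat -L -c '%u %a %F' "$comp")
EOF
    if reason=$(check_component "$uid" "$mode" "$type"); then
        echo "ok   $comp"
    else
        echo "BAD  $comp: $reason"; rc=1
    fi
    return $rc
}

# Run as a script with the expanded ChrootDirectory, e.g. /home/frontier
[ $# -eq 0 ] || audit_chroot "$1"
```

A "BAD  /" line from audit_chroot corresponds to the component "/" named in the error above.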