NetBSD-Users archive


Re: sftp on chroot



Hi.

I have the following, and it works for me now.

Subsystem       sftp    internal-sftp
Match Group sftponly
        ChrootDirectory /home/%u
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

% sudo chown root.root /home/hacienda
% sudo mkdir /home/hacienda/public_html
% sudo chmod -R 750 /home/hacienda/public_html
% sudo chown hacienda:www /home/hacienda/public_html

It connects fine via sftp without problems, but Apache has problems
reading the index.html
inside the public_html subdirectory.

I have problems with permissions; however, I don't know if it is possible
for Apache to read it.

Regards.


On Sun, Sep 19, 2010 at 11:26 AM, Jean-Yves Migeon
<jeanyves.migeon%free.fr@localhost> wrote:
> On 19.09.2010 17:20, Francisco Valladolid wrote:
>> On Sun, Sep 19, 2010 at 4:54 AM, Jean-Yves Migeon
>> <jeanyves.migeon%free.fr@localhost> wrote:
>>> On 19.09.2010 07:25, Francisco Valladolid wrote:
>>> Try using
>>>
>>> ChrootDirectory %h
>>>
>>> If it does not work, check ssh logs (like /var/log/authlog); the cause
>>> of this is likely to be in there.
>>>
>> After changing to ChrootDirectory %h and checking the logs, this appears:
>> Sep 20 05:25:57 samuel sshd[29022]: fatal: bad ownership or modes for
>> chroot directory "/home/xxx"
>>
>> I think it is necessary, chown root.root /home  ?
>
> Yes, you can't do otherwise; if not, anyone could build up (depending on
> configuration and mount points) his own system within the chroot, and
> circumvent host's configuration.
>
> Note that "chowning root:" the $HOME will prevent a user from creating
> files at its root.
>
> --
> Jean-Yves Migeon
> jeanyves.migeon%free.fr@localhost
>



-- 
Francisco Valladolid H.
 -- http://bsdguy.net - Jesus Christ follower.
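
The rule behind the "bad ownership or modes for chroot directory" log line quoted above, as an added example that is not part of the original message: sshd requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or other. The function name, the uid 1000 and the modes in the tables are constructed for illustration.

```python
import os
import stat
import sys
from collections import namedtuple

# Minimal stand-in for os.stat_result, used by the constructed tables below.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")

def chroot_path_problems(path, stat_fn=os.stat):
    """Return (component, reason) pairs that would make sshd refuse the chroot."""
    problems = []
    component = os.sep
    parts = [p for p in os.path.normpath(path).split(os.sep) if p]
    for part in [""] + parts:              # "" makes "/" itself the first check
        component = os.path.join(component, part)
        try:
            st = stat_fn(component)
        except OSError as exc:
            problems.append((component, "cannot stat: %s" % exc.strerror))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((component, "not a directory"))
            break
        if st.st_uid != 0:
            problems.append((component, "not owned by root"))
        if st.st_mode & 0o022:
            problems.append((component, "writable by group or other"))
    return problems

def table_stat(table):
    """Build a stat function backed by a dict, so the check runs offline."""
    def _stat(p):
        if p not in table:
            raise FileNotFoundError(2, "No such file or directory", p)
        return table[p]
    return _stat

DIR = stat.S_IFDIR
# Constructed sample: the home directory still owned by the user (uid 1000).
BEFORE = {"/": FakeStat(0, DIR | 0o755), "/home": FakeStat(0, DIR | 0o755),
          "/home/hacienda": FakeStat(1000, DIR | 0o755)}
# Constructed sample: the same tree after the chown to root shown in the message.
AFTER = dict(BEFORE, **{"/home/hacienda": FakeStat(0, DIR | 0o755)})

if __name__ == "__main__":
    # With an argument, check a real path; otherwise use the constructed table.
    target = sys.argv[1] if len(sys.argv) > 1 else "/home/hacienda"
    fn = os.stat if len(sys.argv) > 1 else table_stat(BEFORE)
    for comp, reason in chroot_path_problems(target, fn):
        print("%s: %s" % (comp, reason))
```
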

