Hi Joseph,
I had the same problem.
The thing is that specyfying /space/storage/jsmith you are providing a
/ directory forr that user. You would want in this case specify
/space/storage as ChrootDirectory and then create
/space/storage/jsmith with 700 in it.
Hope that helps.
Cheers. Simon
2008/7/9 Joseph Spenner <joseph85750@yahoo.com>:
I recently compiled/installed openssh version OpenSSH_5.0p1. I'm trying to
make use of the ChrootDirectory to restrict a particular user to only be able
to use sftp and in their homedir. From what I've read, I should be able to
accomplish this by adding something like this to the sshd_config:
Match user jsmith
ForceCommand internal-sftp
ChrootDirectory /space/storage/jsmith
I created user jsmith, with his homedir being /space/storage/jsmith.
I restarted sshd.
When I try to connect as that user, the following is returned:
Connection to 10.2.2.135 closed by remote host.
Connection to 10.2.2.135 closed.
The sshd log has an entry:
Jul 9 21:31:12 happybox sshd[8741]: [ID 800047 local5.crit] fatal: bad
ownership or modes for chroot directory "/space/storage/jsmith"
The permissions of /space/storage/jsmith seem ok:
drwxr-xr-x 3 jsmith other 512 Jul 9 21:19 jsmith
The .ssh directory is 700, just like my other users (and myself) who can
connect normal.
I thought maybe the "ForceCommand internal-sftp" was giving me problems, so I
removed that from the sshd_config to see if I could simply make this user
have a shell account chroot'd to his homedir. But, the same error was
returned.
If I remove the entries from the sshd_config file, the user can connect fine,
but not chrooted.
Are there some specific permissions or entries in my sshd_config that I'm
missing?
Any help would be great.
Thanks!
