SFTP user can't edit or create files

ssh linux permissions sftp chroot

Solution 1:

To properly chroot an sftponly group member, you need to set this options in /etc/ssh/sshd_config:


Subsystem       sftp    internal-sftp
Match Group sftponly
        ChrootDirectory /srv/chroot/%u
        ForceCommand internal-sftp

It is a requirement that the home directory, and the directories all the way up to the root of the system, of chrooted users must belong to root:root

Given the following values for a user:


$ id user001
uid=1003(user001) gid=1003(user001) groups=1006(sftponly)
$ grep user001 /etc/passwd
user001:x:1003:1003::/input:/sbin/nologin

You need a directory structure like this one: 


$ tree /srv/chroot
/srv/chroot
├── user001
│   └── input

Because user001's HOME directory is evaluated after the chroot call, he/she lands in the input directory, where write permissions are valid: 


$ ls -lrtd /srv/chroot/user001/input
drwxrwx--- 2 user001 sftponly 4.0K Apr 07 17:55 /srv/chroot/user001/input

Related

Definition of Fully qualified domain name
SQL Server memory constantly going up, from 1GB RAM used to 7GB in a week
centos: using epel repository on a server machine
Linux process killed even though enough memory available
Installing Ubuntu 12.04 on HP Proliant DL380e with 1TB SAS Drive
SMTP 25 closed even though I allow everything in firewall (Debian server running sendmail)
High Memory Usage on Linux Server
The right way to keep docker container started when it used for periodic tasks
Multiple TXT fields for same subdomain
What is the correct way to open a range of ports in iptables
Why are CA root certificates all SHA-1 signed (since SHA-1 is deprecated)?
How to check for modified config files on a Debian system?