
Ubuntu 14.04: no sftp-access because of bad ownership or modes


I have a problem connecting to my Ubuntu 14.04 server via sftp. Every time I try to connect, I get these info/error messages:

Sep 18 15:04:47 localhost sshd[2917]: Accepted password for junperbo from      87.129.13.92 port 59333 ssh2
Sep 18 15:04:47 localhost sshd[2917]: pam_unix(sshd:session): session opened for user junperbo by (uid=0)
Sep 18 15:04:47 localhost systemd-logind[2427]: Removed session 2.
Sep 18 15:04:47 localhost systemd-logind[2427]: New session 3 of user junperbo.
Sep 18 15:04:48 localhost sshd[2954]: fatal: bad ownership or modes for chroot directory component "/var/www/"
Sep 18 15:04:48 localhost sshd[2917]: pam_unix(sshd:session): session closed for user junperbo

I'm new to managing my Ubuntu server, so please be detailed in your answers. I know that the problem can be solved with "chmod" or/and "chown", but how?

Please keep in mind that I have edited my sshd_config with this Subsystem:

Subsystem sftp internal-sftp
Match group ftpaccess
AllowUsers junperbo
ChrootDirectory /var/www/%u
PasswordAuthentication yes
x11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Users with ftp-access should be members of the ftpaccess group. Users are added with this command:

sudo adduser USERNAME --ingroup ftpaccess --no-create-home --shell=/bin/false

"ls -la /var/www" gives me the following output

total 20
drwxrwx---  5 root     root      4096 Sep 18 06:45 .
drwxr-xr-x 13 root     root      4096 Sep 16 16:09 ..
drwxr-xr-x  2     1002 ftpaccess 4096 Sep 18 06:27 domainx
drwxr-xr-x  2 root     root      4096 Sep 16 16:15 html
drwxr-xr-x  2 junperbo ftpaccess 4096 Sep 18 06:45 junperbo

The aim is to simply add new users to the ftpaccess group with the command above. If possible, I don't want to add every new user to my sshd_config.

How can I solve this problem?

Thanks, Brotzka


Solution

  • There is a manual page for sshd_config(5), and it contains all the information you need to set up your server. For you, the important part is the one about the chroot directory:

    ChrootDirectory

    Specifies the pathname of a directory to chroot(2) to after authentication. At session startup sshd(8) checks that all components of the pathname are root-owned directories which are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory.

    This means that you need to execute:

    chown root:root /var/www
    chmod go-w /var/www
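
A way to see which component sshd is rejecting, as an added example that is not part of the original question or answer: the script applies the rule quoted from sshd_config(5) to every component of a chroot path. The function names `component_ok` and `check_chroot_path` are made up for this example, and GNU `stat` (as shipped with Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example (not from the original thread): applies the sshd_config(5)
# ChrootDirectory rule to every component of a path. Function names are
# made up for this example; uses GNU stat as shipped with Ubuntu.

# component_ok DIR [OWNER_UID]: succeed only if DIR is a directory owned by
# OWNER_UID (default 0 = root) and not writable by group or others.
component_ok() {
    local dir="$1" want_uid="${2:-0}" uid mode
    [ -d "$dir" ] || { echo "BAD  $dir: not a directory"; return 1; }
    uid=$(stat -L -c '%u' "$dir")
    mode=$(stat -L -c '%a' "$dir")
    if [ "$uid" != "$want_uid" ]; then
        echo "BAD  $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    # 022 masks the write bit for group and for others
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD  $dir: mode $mode is group- or world-writable"; return 1
    fi
    echo "OK   $dir"
}

# check_chroot_path PATH [OWNER_UID]: check /, /a, /a/b, ... in turn.
# sshd stops at the first bad component; this reports all of them.
check_chroot_path() {
    local path="$1" want_uid="${2:-0}" cur="" part rest rc=0
    case "$path" in
        /*) ;;
        *) echo "BAD  $path: must be an absolute path"; return 2 ;;
    esac
    component_ok / "$want_uid" || rc=1
    rest="${path#/}"
    while [ -n "$rest" ]; do
        part="${rest%%/*}"
        case "$rest" in */*) rest="${rest#*/}" ;; *) rest="" ;; esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        component_ok "$cur" "$want_uid" || rc=1
    done
    return "$rc"
}

# Run as: sh check_chroot.sh /var/www/junperbo
if [ "$#" -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Pass the expanded ChrootDirectory value, that is, with %u replaced by the user name (for the configuration above, /var/www/junperbo).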