ChrootDirectory access and privilege problem

Posted November 1, 2014 15.4k views

I can't log in to sftp if I chroot user (abc) to a write-privileged directory (/home/abc/
but I can log in if the chrooted directory (/home/abc/ has only read privilege for user (abc) or user group (abcgrp)

I want to give write access to a specific chrooted folder (/home/abc/ and still have the user able to log in to sftp.

Thanks for your help.

My sshd_config is:

Match Group abcgrp
ChrootDirectory /home/abc/
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no

2 answers

I am guessing that you created the directory as an administrative user and not the user abc?

If so, you need to give the abc user permission to the folder you created as an administrator. Use this command to do that:

chown -R abc:abcgrp /home/abc/
  • Thank you for your answer.

    Folder permission with -R parameter and giving write privilege is already ok
    but I couldn’t connect to server with FileZilla:
    Error: Server unexpectedly closed network connection
    Error: Could not connect to server

    When I remove chroot directory configuration with write permission to abc, it connects.
    When I make chroot directives with readonly permission it connects too.

    I don't know why I could not connect when user has write permission to chrooted folder.

  • That’s interesting… is it working now or no?

  • No, it is not working with the writable permission.
    I can’t connect to sftp with that user.

  • I need more help to solve the problem.
    Thank you very much.

Take a look at How can I chroot sftp-only SSH users into their homes? - Ask Ubuntu. In order to chroot abc to /home/abc/, you need to have /home/abc/ writable only by root and grant them write privileges to a subdirectory, e.g. /home/abc/

  • OK, now the user can connect, and has privilege on /home/abc/ directory.
    Thanks to seanthewebber and kamaln7.

    Our Solution to friends:

    sudo chown -R root:root /home/abc
    sudo chown -R abc:abcgrp /home/abc/

    # writable only by root
    sudo chmod 755 -R /home/abc
    # write privileges to a subdirectory
    sudo chmod 775 -R /home/abc/

    Match Group abcgrp
    # writable only by root
    ChrootDirectory /home/abc/
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no

  • You’re quite welcome! Glad we could get it worked out!

    Also, thank you for posting the complete solution. Many people forget to do that.
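
The rule from the second answer can be checked before restarting sshd: per sshd_config(5), every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others. The script below is an added example, not code from this thread; the function name check_chroot_path is hypothetical and it assumes GNU stat on Linux.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the ownership and
# mode rule in sshd_config(5). Assumes GNU stat (Linux).
# Usage: check_chroot_path DIR [OWNER_UID]   (OWNER_UID defaults to 0, root)
# Prints one FAIL line per problem; returns 0 if clean, 1 if not, 2 on bad input.
check_chroot_path() {
    dir=${1%/}                      # drop one trailing slash, as in /home/abc/
    [ -n "$dir" ] || dir=/
    want_uid=${2:-0}
    bad=0
    case $dir in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 2 ;;
    esac
    # Walk from the chroot directory up to /, checking each component.
    while :; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory"; bad=1
        else
            uid=$(stat -L -c %u "$dir")     # numeric owner
            mode=$(stat -L -c %a "$dir")    # octal permission bits
            if [ "$uid" != "$want_uid" ]; then
                echo "FAIL $dir: owned by uid $uid, expected $want_uid"; bad=1
            fi
            # 022 = write bit for group and for others
            if [ $(( 0$mode & 022 )) -ne 0 ]; then
                echo "FAIL $dir: mode $mode is writable by group or others"; bad=1
            fi
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $bad
}

# Run as a script: ./check_chroot.sh /home/abc/
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

A writable subdirectory below the chroot is not part of the walk, so it can stay owned by the user, as in the solution above.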