DigitalOcean

Report this

What is the reason for this report?
Question

Giving access to a block storage directory to a chroot user

Posted on March 13, 2025
Block Storage
ralph1

By ralph1

My web users are jailed in their home folder by chroot. I need to give them rw sftp access to a directory on a block storage volume (mounted at /mnt/vol_01, thus outside of their home directory). All permissions are recursively set rw for user:www-data and I also set the same ACL permissions. For testing, I already tried to mount --bind the directory on the BSV inside the home folder of a user. Though the sftp user can read the files on the BSV, the uploads fail, with a sftp protocol error -31, even so, a file is created, but he gets a zero byte size. On the other hand, sftp account logged as root user will work with no issue.

How to fix the issue and give read/write access to the BSV directory to the chroot users? Thanks in advance for any clue :)



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby Iliev
Bobby Iliev
March 14, 2025

Hey Ralph 👋

If I recall correctly OpenSSH requires the chroot base dir to be owned by root and to be not writable. So try to keep /home/user as root:root with chmod 755, then create a subdir like /home/user/uploads and bind-mount your volume there:

mkdir /home/user/uploads
mount --bind /mnt/vol_01 /home/user/uploads

Make sure the mounted dir has the right permissions (user:www-data, chmod 775). In sshd_config use something like this:

Match User your_sftp_user
  ChrootDirectory /home/your_sftp_user
  ForceCommand internal-sftp

Restart SSH with systemctl restart sshd, and give it another try.

- Bobby

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.