3

I've set up sFTP access on an Ubuntu 9.10 Karmic server but I'm having what I think are permission issues.

With the sFTP account I've created it logs in automatically to:

/srv/www/domain.com/

However, I'm only actually able to upload to:

/srv/www/domain.com/public_html

This is not workable as I need to create directories etc. parallel to public_html. I appreciate this is something I've probably done wrong as it's patched together from a few help files.

I followed these instructions to create a group for sFTP access, I then created a user and then mod'ed their home directory using:

usermod -d /srv/www/domain.com newuser

Let me know if there's any other information you need to troubleshoot this.

OUTPUT OF COMMANDS

```
> ls -al /srv/www/domain.com/ | grep public_html
drwxr-xr-x 2 newuser newuser 4096 2010-08-24 12:38 public_html

> ls -al /srv/www/ | grep domain.com
drwxr-xr-x 5 root root 4096 2010-08-24 12:21 domain.com

> groups newuser
newuser : newuser filetransfer

> ls -ld /srv/www/domain.com/
drwxr-xr-x 5 root root 4096 2010-08-24 12:21 /srv/www/domain.com/
```
robjmills

2 Answers

2

You are using the ChrootDirectory directive of OpenSSH.

This will only work if the home directory of the respective user is owned by root:root and is not world or global writable (i.e. has the permission mask 0755 but not 0770). sshd will issue a warning in your auth.log (or the destination of syslog facility AUTH) otherwise.

joschi
  • this is where I got a bit confused, the user has a directory inside `home` (/home/newuser) and has also been assigned the site directory using `usermod -d /srv/www/domain.com newuser` - is there something specific I can check? – robjmills Aug 24 '10 at 13:52
  • The user has exactly one home directory, namely `/srv/www/domain.com`. `/home/newuser` was probably created by `useradd` when you first created the user. In the setup you've described, `/srv/www/domain.com` needs to be owned by `root:root` and must not be writable by the user. You'll have to create the needed subdirectories in `/srv/www/domain.com` yourself and `chown` them to `newuser`. – joschi Aug 24 '10 at 13:55
  • haha, I assumed I would have issues with all sub-dirs but I didn't! thanks – robjmills Aug 24 '10 at 14:03
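
The ownership rule from the answer above, written as a check that can be run before enabling `ChrootDirectory`. This is an added example, not part of the original thread. It goes one step further than the answer: sshd_config(5) applies the same rule to every component of the chroot pathname, so the script walks up to `/`. The function names and the optional UID argument are assumptions of this example; the UID argument exists only so the check can be tried on scratch directories without root.

```shell
#!/bin/sh
# Added example, not from the original thread.
# check_component PATH [UID]: succeed only if PATH is a directory owned by UID
# (default 0, root) with no group or other write bit. The UID parameter is a
# test hook of this example so it can run on scratch directories without root.
check_component() {
    info=$(ls -ldn "$1" 2>/dev/null) || { echo "FAIL $1: cannot stat"; return 1; }
    mode=${info%% *}                                   # e.g. drwxr-xr-x
    uid=$(printf '%s\n' "$info" | awk '{print $3}')    # numeric owner (-n)
    case $mode in
        d*) ;;
        *) echo "FAIL $1: not a directory"; return 1 ;;
    esac
    [ "$uid" = "${2:-0}" ] || { echo "FAIL $1: owner uid $uid, want ${2:-0}"; return 1; }
    case $mode in
        ?????w*)    echo "FAIL $1: group-writable ($mode)"; return 1 ;;
        ????????w*) echo "FAIL $1: world-writable ($mode)"; return 1 ;;
    esac
    return 0
}

# check_chroot_path DIR [UID]: apply check_component to DIR and to every
# parent up to /, since sshd_config(5) requires all components of the
# ChrootDirectory pathname to meet the rule. Returns 1 if any one fails.
check_chroot_path() {
    path=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: not a directory"; return 1; }
    rc=0
    while :; do
        check_component "$path" "${2:-0}" || rc=1
        [ "$path" = / ] && break
        path=${path%/*}                 # strip the last component
        [ -n "$path" ] || path=/        # "/srv" strips to "", meaning /
    done
    return $rc
}

# Typical use on the server from the question, run as root:
#   check_chroot_path /srv/www/domain.com && echo "chroot path OK"
```

A directory the user should upload into, such as `public_html`, is expected to fail this check; only the chroot directory and its parents need to pass.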
1

The home directory is unlikely to be the issue here, if you can see the directory you want to write to, just can't write to it.

What is the output of the following commands:
`ls -al /srv/www/domain.com/ | grep public_html` (if there's a better way to do that please say so)
`groups newuser`

James L