1

Centos recently updated to 7.3 and there's been problems with sshd sftp group permissions. I have one user that is chrooted to it's home directory, and that user is in group sftponly. Then i have the /var/www directory, which has 775 permissions and owner is apache and owner group is sftponly. I have a bind link pointing from /home/user/files/web --> /var/www, so the user can access /var/www even though being chrooted to it's home directory. I can view files in /var/www with that user, but impossible to edit or add anything. This worked fine before the big Centos 7.3 update, and now it's stopped working. Any ideas?

Jojo595
  • 15
  • 4
  • 1
    Get an error message. Check your logs. – Michael Hampton Dec 16 '16 at 06:02
  • 1
    Possible duplicate of [SFTP suddenly failing for chroot accounts on Amazon Linux](http://serverfault.com/questions/816219/sftp-suddenly-failing-for-chroot-accounts-on-amazon-linux) – Jakuje Feb 19 '17 at 19:13

1 Answers1

2

This is a known bug and it will be fixed in the next update. Before that, it is good to stay on the previous version.

Jakuje
  • 9,145
  • 2
  • 40
  • 44
  • Approximately when is the fix coming? – Jojo595 Dec 16 '16 at 20:04
  • There is no official release date for this (the dates are Red Hat internal AFAIK). And the time when it gets to CentOS, it is other unknown, but it takes also some time. – Jakuje Dec 16 '16 at 20:08
  • How could i rollback to the previous version of centos? As i've read there is no clean way to rollback from yum updates, also with an update as massive as centos 7.3, i fear i may break more stuff than i'll fix by rolling back... – Jojo595 Dec 18 '16 at 00:05
  • Doing `yum downgrade "openssh*"` should do the job. It is still only minor update and it should not cause any troubles. – Jakuje Dec 18 '16 at 11:17
  • I'm getting: `No Match for available package: openssh-askpass-6.6.1p1-31.el7.x86_64 No Match for available package: openssh-keycat-6.6.1p1-31.el7.x86_64 No Match for available package: openssh-ldap-6.6.1p1-31.el7.x86_64 No Match for available package: openssh-server-sysvinit-6.6.1p1-31.el7.x86_64` – Jojo595 Dec 19 '16 at 03:22
  • Then you will need to download the packages from 7.2, which are available under http://mirror.centos.org/centos/7.2.1511/updates/x86_64/Packages/ – Jakuje Dec 20 '16 at 08:28