Ubuntu 14.04:由于所有权或模式错误，无法访问 sftp [英] Ubuntu 14.04: no sftp-access because of bad ownership or modes

问题描述

我在通过 sftp 连接到我的 ubuntu 14.04 服务器时遇到问题.每次尝试连接时，我都会收到以下信息/错误消息:

I have a problem connecting to my ubuntu 14.04 server via sftp. Everytime I try to connect, I get this info/error messages:

Sep 18 15:04:47 localhost sshd[2917]: Accepted password for junperbo from      87.129.13.92 port 59333 ssh2
Sep 18 15:04:47 localhost sshd[2917]: pam_unix(sshd:session): session opened for user junperbo by (uid=0)
Sep 18 15:04:47 localhost systemd-logind[2427]: Removed session 2.
Sep 18 15:04:47 localhost systemd-logind[2427]: New session 3 of user junperbo.
Sep 18 15:04:48 localhost sshd[2954]: fatal: bad ownership or modes for chroot directory component "/var/www/"
Sep 18 15:04:48 localhost sshd[2917]: pam_unix(sshd:session): session closed for user junperbo

我是管理 Ubuntu 服务器的新手，所以请在您的回答中详细说明.我知道这个问题可以用chmod"或/和chown"解决，但如何解决?

I'm new to managing my Ubuntu server, so please be detailed in your answers. I know that the problem can be solved with "chmod" or/and "chown", but how?

请记住，我已经用这个子系统编辑了我的 sshd_config:

Please keep in mind, that I have edited my sshd_config with this Subsystem:

Subsystem sftp internatl-sftp
Match group ftpaccess
AllowUsers junperbo
ChrootDirectory /var/www/%u
PasswordAuthentication yes
x11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

具有 ftp-access 权限的用户应该是 ftpaccess 组的成员.使用此命令添加用户:

Users with ftp-access shoul be member of the ftpaccess group. User are added with this command:

sudo adduser USERNAME --ingroup ftpaccess --no-create-home --shell=/bin/false

"ls -la/var/www" 给我以下输出

"ls -la /var/www" gives me the following output

total 20
drwxrwx---  5 root     root      4096 Sep 18 06:45 .
drwxr-xr-x 13 root     root      4096 Sep 16 16:09 ..
drwxr-xr-x  2     1002 ftpaccess 4096 Sep 18 06:27 domainx
drwxr-xr-x  2 root     root      4096 Sep 16 16:15 html
drwxr-xr-x  2 junperbo ftpaccess 4096 Sep 18 06:45 junperbo

目的是使用上面的命令简单地将新用户添加到 ftpaccess 组.如果可能，我不想将每个新用户都添加到我的 sshd_conf 中.

The aim is to simply add new users to the ftpaccess group with the command above. If possible, I don't want to add every new user to my sshd_conf.

我该如何解决这个问题?

How can I solve this problems?

谢谢，布罗茨卡

推荐答案

sshd_config(5) 有一个手册页，它包含所有你想设置你的服务器的所有信息.对你来说，chroot 目录很重要:

There is manual page for sshd_config(5) and it contains all information for all you want to set up your server. For you, there is important part about chroot directory:

指定认证后chroot(2)到的目录的路径名.在会话启动时 sshd(8) 会检查路径名的所有组成部分是不是任何其他用户或组都不可写的根目录. 在 chroot 之后，sshd(8) 将工作目录更改为用户的主目录.

ChrootDirectory

Specifies the pathname of a directory to chroot(2) to after authentication. At session startup sshd(8) checks that all components of the pathname are root-owned directories which are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory.

这意味着你需要执行:

chown root:root /var/www
chmod go-w /var/www

这篇关于Ubuntu 14.04:由于所有权或模式错误，无法访问 sftp的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！