SFTP connection fails

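I want to configure a user, ftpuser, to use SFTP to access an existing Apache-owned directory, /var/www/website.

I added it as a new user with /var/www/website as its home directory: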

useradd -md /var/www/website -s /bin/bash ftpuser

sshd_config

Subsystem sftp internal-sftp

Match User ftpuser
    ChrootDirectory /var/www/website
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

The directory is now owned by root and has ACL permissions for the www-data user:

# ls -ltr
   drwxrwx---+  5 root     root     4096 Nov  8  2012 website

# getfacl website/
   # file: website/
   # owner: root
   # group: root
   user::rwx
   user:www-data:rwx
   group::rwx
   group:www-data:rwx

But whenever I try to connect over SFTP, I get the following debug error:

ftpuser@ftp_server's password: 
debug3: packet_send2: adding 32 (len 80 padlen 16 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to ftp_server ([ftp_server]:22).
debug2: fd 4 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t3 r-1 i0/0 o0/0 fd 4/5 cc -1)

debug1: fd 0 clearing O_NONBLOCK
debug3: fd 1 is not O_NONBLOCK
Connection to 104.237.139.76 closed by remote host.
Transferred: sent 2408, received 2020 bytes, in 0.0 seconds
Bytes per second: sent 627244.1, received 526176.5
debug1: Exit status -1
Couldn't read packet: Connection reset by peer

Any ideas how to fix this?

Edit:

/var/log/authz

fatal: bad ownership or modes for chroot directory component "/var/www/"

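Answer 1

Using the ChrootDirectory option in sshd_config requires some basic understanding of written text.

Here is a snippet from the sshd_config(5) manual page:

ChrootDirectory

Specifies the pathname of a directory to chroot(2) to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory.

Here is your error log: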

fatal: bad ownership or modes for chroot directory component "/var/www/"

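When you put one and one together, you will see that not only does /var/www/website need to be owned by root, but so do the /var/www and /var directories, as has been mentioned here many times.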
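The rule quoted from sshd_config(5) can be checked for every component of a ChrootDirectory path before restarting sshd. The following is an added example, not code from the question, the answer or OpenSSH; the names check_chroot_path, components, FakeStat and SAMPLE are hypothetical, and the sample ownership and mode for /var/www are constructed because the page does not show them.

```python
import os
import stat
import sys
from collections import namedtuple

# Constructed sample data. /var/www/website follows the question's listing
# (root-owned, drwxrwx---+); the /var/www values are an assumption.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")
SAMPLE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/var": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/var/www": FakeStat(stat.S_IFDIR | 0o775, 33),
    "/var/www/website": FakeStat(stat.S_IFDIR | 0o770, 0),
}

def components(path):
    """Yield '/', '/var', '/var/www', ... for an absolute path."""
    path = os.path.normpath(path)
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    current = "/"
    yield current
    for part in path.strip("/").split("/"):
        if part:
            current = os.path.join(current, part)
            yield current

def check_chroot_path(path, stat_fn=os.stat):
    """Return (component, problem) pairs that break the man page rule."""
    problems = []
    for comp in components(path):
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append((comp, f"cannot stat: {exc.strerror}"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, f"owned by uid {st.st_uid}, not root"))
        if st.st_mode & 0o022:  # group or other write bit set
            mode = stat.S_IMODE(st.st_mode)
            problems.append((comp, f"group/other writable (mode {mode:04o})"))
    return problems

if __name__ == "__main__":
    live = len(sys.argv) > 1  # with an argument, check the real filesystem
    found = (check_chroot_path(sys.argv[1]) if live
             else check_chroot_path("/var/www/website", SAMPLE.__getitem__))
    for comp, why in found:
        print(f"{comp}: {why}")
```

Run with a path argument, it checks the live filesystem instead of the sample data. On a directory that carries a POSIX ACL, the group bits of the mode reflect the ACL mask, so an rwx ACL entry also shows up as group-writable here.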
