# chroot for SFTP on apache sites



## johndakos (Sep 19, 2014)

Good morning.
I have a FreeBSD 10 64-bit with Apache 2.4 and 5 web pages. Apache sites are in directory /usr/local/www/apache24/data/site1, site2, site3, site4, site5. We want chroot(8) for SFTP for developers on these sites. I followed this guide to chroot(8) user's SFTP but without success.

/etc/ssh/sshd_config:

```
Match group chroot
ChrootDirectory /home/%u/
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
```
I make a group
`pw addgroup chroot`

I add a user developer1 to group chroot with nologin shell and home directory /usr/local/www/apache24/data/site1. I changed the permissions for home developer1: `chown -R root:chroot /usr/local/www/apache24/data/site1`. I make a directory files on home directory

```
mkdir /usr/local/www/apache24/data/site1/files
chown -R developer1:chroot /usr/local/www/apache24/data/site1/files

Bad ownership or modes for chroot directory component "/usr/local/www/apache24/data/site1"
```
What am I doing wrong?
Can anybody help?
Thanks


----------



## von_Gaden (Sep 19, 2014)

I'd rather use ftp/pure-ftpd
I think it is more suitable for web sites/hosting and as I remember supports SFTP.

A small wiki page may be helpful for you: https://wiki.archlinux.org/index.php/SFTP


----------



## SirDice (Sep 19, 2014)

johndakos said:

> What am I doing wrong?


It would probably help if you told us what's not working. "It doesn't work" doesn't tell us much. Are you getting errors? Users not getting the correct directory? Are the users actually members of the chroot group?


----------



## johndakos (Sep 19, 2014)

Thanks for your answer. My error in logs is:

```
Bad ownership or modes for chroot directory component "/usr/local/www/apache24/data/site1"
```

developer1, 2, 3, 4 and 5 are all members of the chroot group.


My permissions on site1 are

```
drwxrwxr-x  5 root  wheel  512 Sep 18 12:31 site1
```
My permission on home directory /usr/local/www/apache24/data/site1/developer1

```
drwxr-xr-x  2 developer1   chroot       512 Sep 18 11:49 developer1
```
This is the problem: users can't connect to their chroot directory.

Thanks


----------



## johndakos (Sep 22, 2014)

Okay thanks all.

I found my mistake.


```
ChrootDirectory
Specifies the pathname of a directory to chroot(2) to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory.
```

Permissions 

Thanks.


----------
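The sshd_config(5) rule quoted in the last post can be checked for every component of a chroot path before touching sshd. This is an added example, not code from the thread; `check_component` and `audit_chroot` are hypothetical helper names, and the check reads `ls -ldn` output so it works the same on FreeBSD and Linux.

```sh
#!/bin/sh
# Added example (not from the thread): audit a ChrootDirectory path against the
# sshd_config(5) rule: every component is a root-owned directory that is not
# writable by group or others.

# check_component MODE UID
# MODE is the permission string from `ls -ld` (e.g. drwxr-xr-x), UID is numeric.
# Prints "ok" or the reason for rejection; returns 1 on rejection.
check_component() {
    mode=$1 uid=$2
    case $mode in
        d*) ;;
        *) echo "not a directory"; return 1 ;;
    esac
    if [ "$uid" != 0 ]; then echo "owner uid $uid is not root"; return 1; fi
    # In "drwxrwxrwx", character 6 is group write and character 9 is other write.
    if [ "$(printf '%s' "$mode" | cut -c6)" = w ]; then echo "group-writable"; return 1; fi
    if [ "$(printf '%s' "$mode" | cut -c9)" = w ]; then echo "world-writable"; return 1; fi
    echo ok
}

# audit_chroot /abs/path
# Walks from the given directory up to /, printing one verdict per component.
# Returns 0 if all pass, 1 if any fails, 2 on a relative path.
# A symlinked component is reported as "not a directory"; check its target by hand.
audit_chroot() {
    case $1 in
        /*) p=$1 ;;
        *) echo "need an absolute path" >&2; return 2 ;;
    esac
    rc=0
    while :; do
        # ls -ldn prints numeric owner ids, so no passwd lookup is involved.
        read -r m links u rest <<EOF
$(ls -ldn "$p" 2>/dev/null)
EOF
        verdict=$(check_component "$m" "$u") || rc=1
        printf '%-12s uid=%-6s %s: %s\n' "$m" "$u" "$p" "$verdict"
        if [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# Run as: sh audit_chroot.sh /usr/local/www/apache24/data/site1
if [ $# -gt 0 ]; then audit_chroot "$1"; fi
```

Fed the `site1` listing posted above (`drwxrwxr-x`, owner root), `check_component` reports `group-writable`, which is one of the conditions the man page text rules out.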

