sftp and WARN: / is group writable
After literally countless hours setting up a SFTP user one of my Ubuntu servers, and having error messages on SFTP login, I finally succeeded.
The issue that I’ve faced is that the SFTP user couldn’t login and was presented with the error message:
[code]Write failed: Broken pipe
Couldn’t read packet: Connection reset by peer[/code]
Looking at the /var/log/auth.log file revealed the following:
[code]fatal: bad ownership or modes for chroot directory component "/"[/code]
The permissions for the directory for this user was set correctly and ssh server was restarted, I’ve even restarted the whole server to no avail. However, and out out of pure luck, when I turned off UFW I saw an error message saying:
[code]WARN: / is group writable![/code]
Since chrooted SFTP is really really picky about permissions, I knew it had to do something with permissions. I then checked the permissions of the root directory with:
[code]ls -ld /[/code]
and sure enough it had the write for the group enabled. A quick:
[code]chmod g-w /[/code]
issues and sure enough also the SFTP user was able to sign in!
As always, the solution to the problem was simple.