What I'm trying to do is chroot an sftp account and I can't seem to get it to work properly. My setup of the account is as follows.

/var/www/html/jail is my jail root and it has the following directories in it dev,etc,home,lib,usr,var xlan

The users jail area is /var/ww/html/jail/xlan


my /etc/passwd looks like.

jake6937:x:504:504::/var/www/html/jail/./xlan:/usr/sbin/jk_chrootsh

my /var/www/html/jail/etc/passwd looks like

root:x:0:0:root:/root:/bin/bash
jake6937:x:504:504::/xlan:/usr/sbin/jk_lsh

The service is running:

nobody 20458 0.0 0.0 1664 188 ? Ss Mar24 0:00 /usr/sbin/jk_so

But I get this error message when I try to connect

Mar 27 08:06:41 localhost sshd(pam_unix)[2724]: session opened for user jake6937 by (uid=0)
Mar 27 08:06:41 localhost jk_chrootsh[2725]: abort, path /var/www/html/jail/./xlan does not have group 504
Mar 27 08:06:41 localhost sshd(pam_unix)[2724]: session closed for user jake6937


At this point any comments or suggestions would be greatly appreciated.

Can you do an "ls -l -d /var/www/html/jail/./xlan"?

Are you sure user jake6937 has access (at least execute) to all directories leading up to /var/www/html/jail/./xlan?

I figured it out. I just had to to a chgrp 504 /var/www/html/jail/xlan to get it to work.


I'm comming across another problem now. I'm setting up a jail for a second user, I did the exact same thing but I'm getting this error.

Mar 30 13:18:28 localhost jk_chrootsh[14317]: now entering jail /var/www/html/jail for user cent241 (505)
Mar 30 13:18:28 localhost jk_chrootsh[14317]: abort, groupname cent241 differs from jail groupname cent6938 for group ID 505, check /etc/passwd and /var/www/html/jail/etc/passwd


I checked both those password files and the groupname and id are both cent241 and if: 505. I'm not sure what the problemo is here.

Please post all the groups (GID) involved:
-groups from both etc/passwd files and etc/group files
-group ownership of the jail directory
and see where they are inconsistent.