
SFTP User Sees Root of Directory

When an SFTP user logs in, they are taken to the root of the Linux directory, instead of their chroot directory.

Last updated on 03 Sept, 2019

Quick Summary

When an SFTP user logs in, they are taken to the root directory of the Linux filesystem.

The root cause is a Group ID conflict: another service installed on your Azure VM has claimed GID 999, the GID that SFTP Gateway assigns to the sftponly group. Membership in the sftponly group is how SFTP Gateway chroots SFTP users, so when that group no longer owns its GID, the chroot does not apply.

The fix is to change the GID of sftponly to an unused number (this article uses 899).

Verify the Group ID

SFTP users are chrooted if they are members of the sftponly group. The first thing to check is whether they are members of this group. SSH into the VM and run this command:

sudo getent group

On a working system, you should see the following:

  • Your SFTP users should appear next to the sftponly group

  • The sftponly group should be the only one with GID 999

If another group also uses GID 999, you will need to change the GID for sftponly.

Change the Group ID

SFTP Gateway stores its users and groups in LDAP, so you must change the GID for sftponly at the LDAP level, not with groupmod.

  1. Create a file named `updategroupnumber.ldif` with the following contents:

      dn: cn=sftponly,ou=Groups,dc=sftpgateway,dc=com
      changetype: modify
      replace: gidNumber
      gidNumber: 899

      This file contains instructions to change the gidNumber of the sftponly group within LDAP.

  2. Get the LDAP password. You'll use this later to modify LDAP. (The following code should be a single line.)

       ldappassword=$(sudo grep ldap.password /opt/sftpgw/application.properties | cut -d= -f2-)

      This reads the `ldap.password` line from the application.properties file, keeps everything after the first `=` (so a password that itself contains `=` is not truncated), and stores it in the variable `$ldappassword`.

  3. Run the modify command:

      ldapmodify -D cn=admin -w "$ldappassword" -f updategroupnumber.ldif

      This command applies the LDIF file to LDAP, changing the gidNumber on sftponly to 899, binding as `cn=admin` with the password you stored in `$ldappassword`. Because `-w` passes the password on the command line, it is briefly visible in the process list; `-W` prompts for it instead.
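As an added example (not part of this article or of SFTP Gateway's own tooling), the following POSIX shell script runs the "Verify the Group ID" check over constructed `getent group` output and, when another group shares the sftponly GID, prints the same LDIF as step 1. The sample group lines are made up, and reusing the article's `dc=sftpgateway,dc=com` base DN is an assumption.

```shell
#!/bin/sh
# Constructed sample of `getent group` output (not captured from a real VM):
# another service's group already holds GID 999, the GID SFTP Gateway gives sftponly.
SAMPLE_GROUPS='root:x:0:
docker:x:999:azureuser
sftponly:x:999:alice,bob
users:x:100:'

# GID of the named group, read from getent-style lines on stdin (empty if absent).
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; exit }'
}

# Comma-separated member list of the named group, from stdin.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4; exit }'
}

# Every OTHER group that shares the named group's GID, one name per line.
gid_conflicts() {
    awk -F: -v g="$1" '
        { name[NR] = $1; gid[NR] = $3; if ($1 == g) target = $3 }
        END {
            if (target == "") exit
            for (i = 1; i <= NR; i++)
                if (gid[i] == target && name[i] != g) print name[i]
        }'
}

# LDIF that moves a group to a new gidNumber, the same shape as step 1
# (base DN copied from the article; adjust it for your directory).
gid_change_ldif() {
    printf 'dn: cn=%s,ou=Groups,dc=sftpgateway,dc=com\n' "$1"
    printf 'changetype: modify\nreplace: gidNumber\ngidNumber: %s\n' "$2"
}

# Run the "Verify the Group ID" check on getent output from stdin:
# list sftponly's members, then fail (status 1) if any group shares its GID.
audit_sftponly() {
    input=$(cat)
    printf 'sftponly members: %s\n' "$(printf '%s\n' "$input" | group_members sftponly)"
    conflicts=$(printf '%s\n' "$input" | gid_conflicts sftponly)
    [ -z "$conflicts" ] && return 0
    printf 'GID conflict with: %s\n' "$conflicts"
    return 1
}

# On a real VM replace the sample with: sudo getent group | audit_sftponly
printf '%s\n' "$SAMPLE_GROUPS" | audit_sftponly || gid_change_ldif sftponly 899
```

On the sample input the audit reports `docker` as the conflicting group and the script emits the LDIF for GID 899; on a clean system the audit exits 0 and nothing further is printed.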
