Making ChrootDirectory directory writable by SFTP user

Unix & Linux Asked by tshepang on October 30, 2020

If a user logs into a machine via SFTP, one can make use of the ChrootDirectory keyword to give the illusion that the user is in a root directory. But that directory is only writable by the root user. I would love for this user to have such write capabilities, and it doesn’t appear that OpenSSH offers this, unless I missed something?

I am aware that that SFTP user can be given write access to any file/directory inside that ChrootDirectory, but it’s not good enough. I want the user to also create/delete the files directly under that “root” directory, without the workaround of creating a subdirectory that that user has write access to.

One Answer

I ran into the same problem with my in-house SFTP. What I did to get around this is:

Inside your sshd_config file:

Match group     sftpusers
  ChrootDirectory %h

Inside your /etc/groups file, add your sftp user to the sftpusers group (create it if it doesn't exist):


For the ChrootDirectory, make sure you chown the directory to the following (warning: be careful of the directory that you are running this command on; make sure it is being run only on the directory that the user logs into. The -R option means recursive, so if there are subfolders you do not wish this command to include, remove it. Also, an SFTP user should never be given access to a root-level system directory like /etc; best to make a folder under something like /usr/local/alcatraz and give them access to that):

chown -R root:sftpusers userChrootDirectory

Chmod the directory to have the permission you desire, something like:


If you require more information, let me know, this is just the highlights, that should get you to where you want to be.

Answered by devnull on October 30, 2020
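
An added example, not part of the question or the answer above: sshd_config(5) states that at session startup sshd checks that all components of the ChrootDirectory pathname are root-owned directories which are not writable by any other user or group, and it refuses the session otherwise. The script below applies that same test to each path component so the ownership and mode can be checked before a login is attempted. It assumes GNU or BusyBox `stat` on Linux; the function names and the sample path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the answer). Assumes GNU or BusyBox stat on Linux.

# component_ok UID MODE
# Succeeds when a directory with this owner uid and octal mode passes sshd's
# rule for a chroot path component: owned by root, no group/other write bit.
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path PATH
# Walks from / down to PATH and stops at the first component sshd would
# refuse. Returns 0 if every component passes, 1 on a failure, 2 on bad input.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 2 ;;
    esac
    rest=${1#/}
    cur=/
    while :; do
        if [ ! -d "$cur" ]; then
            echo "FAIL $cur: not a directory"; return 1
        fi
        set -- $(stat -c '%u %a' "$cur")
        if ! component_ok "$1" "$2"; then
            echo "FAIL $cur: owner uid=$1 mode=$2"; return 1
        fi
        [ -n "$rest" ] || break
        part=${rest%%/*}            # next component
        case $rest in
            */*) rest=${rest#*/} ;; # drop it from the remainder
            *)   rest= ;;
        esac
        if [ -n "$part" ]; then cur=${cur%/}/$part; fi
    done
    echo "OK $cur: every component is root-owned and not group/other-writable"
}

# Usage: sh check_chroot.sh /srv/sftp/alice   (the path is a constructed sample)
if [ "$#" -gt 0 ]; then check_chroot_path "$1"; fi
```

A `FAIL` line names the first component that needs its owner or mode changed; a group-writable directory (for example mode 775) is reported the same way as a world-writable one.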
