This topic describes the cause of and the solution to the "must be owned by root and not group or world-writable" error that appears when you start the SSH service on a Linux Elastic Compute Service (ECS) instance.
Problem description
When you start the SSH service on a Linux ECS instance, the "must be owned by root and not group or world-writable" error message appears.
Cause
To ensure security, the SSH service has specific requirements for the owners and groups of related directories or files. For example, the Owner and Group attributes of the /var/empty/sshd directory must be set to the root user and the root group. Otherwise, an exception occurs.
Solution
Configure the Owner and Group attributes of the /var/empty/sshd directory based on the preceding requirements.
Connect to the ECS instance by using Virtual Network Computing (VNC).
For more information, see Connection method overview.
Run the following command to query the permissions on the /var/empty/sshd directory:
ll -d /var/empty/sshd
A command output similar to the following one is returned. The command output indicates that the Owner and Group attributes of the /var/empty/sshd directory are set to the linux user and the linux group. You must set the attributes to the root user and the root group.
Run the following commands in sequence to restore the default configurations.
Important: The following chmod command sets the permissions on the /var/empty/sshd directory to 711 and applies to CentOS 7. The required permissions on the /var/empty/sshd directory vary based on the Linux distribution. For information about the permissions on the /var/empty/sshd directory for a Linux distribution, see the directory permission documentation for the distribution.
chown -R root:root /var/empty/sshd
chmod -R 711 /var/empty/sshd
Run the following command to restart the SSH service:
systemctl restart sshd.service
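To verify the result before you restart the service, you can test a directory against the two conditions named in the error message: the owner is root, and neither the group-write nor the world-write bit is set. The following script is an added example and is not part of the original topic. The function names perm_ok and check_dir and the optional WANT_UID argument are hypothetical, and the script assumes GNU stat, which Linux distributions provide.

```shell
#!/bin/sh
# Added example (not from the original topic). Requires GNU stat (Linux).

# perm_ok UID MODE [WANT_UID]
# Succeeds when UID equals WANT_UID (default 0, root) and the octal MODE
# has neither the group-write (020) nor the world-write (002) bit set.
perm_ok() {
    [ "$1" -eq "${3:-0}" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1
}

# check_dir DIR [WANT_UID]
# Reads the owner UID and mode of DIR and reports whether it passes.
# WANT_UID is a hypothetical parameter so that the check can be tried on
# a scratch directory without root; leave it unset for real use.
check_dir() {
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 2; }
    uid=$(stat -c '%u' "$1") || return 2
    mode=$(stat -c '%a' "$1") || return 2
    owner=$(stat -c '%U:%G' "$1") || return 2   # shown for comparison with chown
    if perm_ok "$uid" "$mode" "${2:-0}"; then
        echo "OK   $1 (owner=$owner mode=$mode)"
    else
        echo "FAIL $1 (owner=$owner mode=$mode): owner must be uid ${2:-0}, no group or world write bit"
        return 1
    fi
}

# Constructed sample values (owner UID, octal mode), not taken from a real host.
for sample in "0 711" "0 755" "1000 711" "0 775" "0 757"; do
    set -- $sample
    if perm_ok "$1" "$2"; then
        echo "pass: uid=$1 mode=$2"
    else
        echo "fail: uid=$1 mode=$2"
    fi
done
```

On the instance, run check_dir /var/empty/sshd as root after the chown and chmod commands; a FAIL line means the directory still does not meet the conditions.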