:What do I do if the "must be owned by root and not group or world-writable" error message appears when I start the SSH service on a Linux ECS instance?

Problem description

When you start the SSH service on a Linux ECS instance, the "must be owned by root and not group or world-writable" error message appears.

Cause

To ensure security, the SSH service has specific requirements for the owners and groups of related directories or files. For example, the Owner and Group attributes of the /var/empty/sshd directory must be set to the root user and the root group. Otherwise, an exception occurs.

Solution

Configure the Owner and Group attributes of the /var/empty/sshd directory based on the preceding requirements.

1. Connect to the ECS instance by using Virtual Network Computing (VNC).

   For more information, see Connection method overview.

2. Run the following command to query the permissions on the /var/empty/sshd directory:

   ll -d /var/empty/

   A command output similar to the following one is returned. The command output indicates that the Owner and Group attributes of the /var/empty/sshd directory are set to the linux user and the linux group. You must set the attributes to the root user and the root group.

   

3. Run the following commands in sequence to restore the default configurations.

   Important

   The following chmod command sets the permissions on the /var/empty/sshd directory to 711 and applies to CentOS 7. The required permissions on the /var/empty/sshd directory vary based on the Linux distribution. For information about the permissions on the /var/empty/sshd directory for a Linux distribution, see the directory permission documentation for the distribution.

   chown -R root:root /var/empty/sshd
   chmod -R 711 /var/empty/sshd

4. Run the following command to restart the SSH service:

   systemctl restart sshd.service