Limit SFTP user access to specified directory
I have an Ubuntu 14.04 server installed with OpenSSH. I'd like to configure sftp for customers to be able to download files only. In other words, I put files in a directory that they are jailed to. I need to make sure they can only access the directory with their file(s) and nothing else.
Originally I was going to use vsftpd, but someone told me that sftp is the better option. If there's some documentation on what I need, that would be great.
I need help with the following:
- How to configure sftp
- How to set up user accounts and use them for sftp
- How to set accounts to jail
Solution 1:
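Settings for /etc/ssh/sshd_config:
    # In-process SFTP server; log to the AUTH facility at VERBOSE level
    Subsystem sftp internal-sftp -f AUTH -l VERBOSE
    UsePAM yes
    # The settings below apply only to members of the sftp group
    Match Group sftp
        # Jail the session to the user's home directory
        ChrootDirectory %h
        # Allow SFTP only, whatever command the client requests
        ForceCommand internal-sftp
        AllowTcpForwarding no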
Create group sftp:
    sudo groupadd sftp
Create directory:
    sudo mkdir /ftpusers
    sudo mkdir /ftpusers/HomeFolder
Create user directly with new sftp group attached:
    sudo useradd -d /ftpusers/HomeFolder -m UserName -g sftp -s /bin/false
    sudo passwd UserName
Set permissions for use with ssh for sftp:
    sudo chown root:root /ftpusers/HomeFolder
    sudo chmod 755 /ftpusers/HomeFolder
Restart service:
    sudo service ssh restart
Note: the home folder for the new sftp user has to be owned by root.
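
The root-ownership note above corresponds to a check documented in sshd_config(5): every component of the ChrootDirectory path must be root-owned and not writable by group or others, otherwise sshd refuses the session. The script below is an added example, not part of the original answer; it audits a path against that rule, assumes GNU stat as shipped on Ubuntu, and all function names in it are hypothetical.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the sshd_config(5) rule
# that every path component is root-owned and not group- or world-writable.
# Assumes GNU stat (Ubuntu). Function names are hypothetical.

# Print every component of an absolute path, from / down to the path itself.
path_components() {
    case $1 in /*) ;; *) echo "need an absolute path: $1" >&2; return 2 ;; esac
    p=$1
    out=$p
    while [ "$p" != "/" ]; do
        p=$(dirname "$p")
        out="$p
$out"
    done
    printf '%s\n' "$out"
}

# Read "uid octal-mode path" lines on stdin; report violations, return 1 if any.
audit_chroot_modes() {
    bad=0
    while read -r uid mode path; do
        if [ "$uid" != "0" ]; then
            echo "FAIL $path: owner uid $uid, must be root (0)"
            bad=1
        fi
        # 022 = write bits for group (020) and others (002)
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $path: mode $mode is group- or world-writable"
            bad=1
        fi
    done
    return "$bad"
}

# Stat each component (following symlinks) and audit the result.
check_chroot() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    comps=$(path_components "$1") || return 2
    printf '%s\n' "$comps" | while IFS= read -r c; do
        stat -L -c '%u %a %n' "$c"
    done | audit_chroot_modes
}

# Run only when a path is given, e.g.: sh check_chroot.sh /ftpusers/HomeFolder
if [ $# -gt 0 ]; then check_chroot "$1"; fi
```

Run it against the directory named by ChrootDirectory before restarting ssh; any FAIL line names the component to fix with chown or chmod.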