Tuesday, 1 December 2020

Restrict SFTP to a user and a specific directory

Create an SSH subsystem in sshd_config:


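#Subsystem      sftp    /usr/lib/openssh/sftp-server
# Use the in-process SFTP server, so no binaries are needed inside the chroot
Subsystem sftp internal-sftp
# Members of sftpusers are chrooted to their home directory (%h), SFTP only
Match Group sftpusers
  ChrootDirectory %h
  ForceCommand internal-sftp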


Restart the SSH server.

Create a user that is a member of sftpusers (the group must already exist):


sudo useradd -g sftpusers -s /sbin/nologin -m -d /directory/to/share username

Apply permissions for Chroot

The ChrootDirectory, and every directory above it in the path, needs to belong to root and have 755 permissions:
chown root: /directory
chown root: /directory/to
chown root: /directory/to/share
Also apply 755 permissions to each of these directories.

Apply the wanted permissions to the contents of the shared directory:

chown -R username:sftpusers /directory/to/share/*
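
An added check, not part of the original post: sshd refuses the session when any component of the ChrootDirectory path is not owned by root or is writable by group or others, so this script walks the path from / down and tests each directory. The function names and the optional owner-UID argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight audit of a ChrootDirectory path.

# component_ok DIR [OWNER_UID]: true when DIR is a directory owned by
# OWNER_UID (default 0 = root) and not writable by group or others.
component_ok() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    # ls -ldn prints "mode links uid gid ..."; keep fields 1 and 3.
    read -r mode uid <<EOF
$(ls -ldn -- "$dir" | awk '{print $1, $3}')
EOF
    [ "$uid" = "$want_uid" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;  # group- or other-writable
    esac
    return 0
}

# path_components ABS_PATH: print "/" and each ancestor down to ABS_PATH.
path_components() {
    p=$1; out=
    case $p in /*) ;; *) return 2 ;; esac   # chroot paths must be absolute
    while [ "$p" != "/" ]; do
        out="$p
$out"
        p=$(dirname "$p")
    done
    printf '/\n%s' "$out"
}

# audit_chroot ABS_PATH [OWNER_UID]: report each component, return 1 if any fails.
audit_chroot() {
    rc=0
    while IFS= read -r c; do
        if component_ok "$c" "${2:-0}"; then echo "ok   $c"
        else echo "BAD  $c"; rc=1; fi
    done <<EOF
$(path_components "$1")
EOF
    return $rc
}

# Usage: sh audit_chroot.sh /directory/to/share
if [ $# -gt 0 ]; then audit_chroot "$@"; fi
```

A BAD line names the directory to fix with chown root: and 755 permissions before testing an SFTP login.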