Today I need to give my friend access to my server so he can edit any files in a folder. My server is running OpenSSH with SFTP enabled by default, so I can simply create a new Linux user for him to log in over SFTP. But I want him to access only the folder I gave him, so here I modify the OpenSSH configuration to fit my need.
System details:
- Ubuntu 14.04
- Running OpenSSH
Steps:
- Add a group called sftp.
sudo addgroup sftp
- Add a new user with the default home path, assign it to the sftp group and disable shell access.
sudo useradd -m -g sftp -s /bin/false username
- Set a password for the user.
sudo passwd username
- Change home directory’s user and group to root.
sudo chown root:root /home/username
- Change home directory’s permission
sudo chmod 755 /home/username
- Go into the folder
cd /home/username
- Create a new folder named www.
sudo mkdir www
- Change the www folder’s owner to username and its group to sftp. The user was created with -g sftp, so no group named username exists.
sudo chown username:sftp www
- This step is the core. Edit /etc/ssh/sshd_config with the editor you are used to.
sudo nano /etc/ssh/sshd_config
- Add following lines to the end of /etc/ssh/sshd_config.
Match group sftp
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
# PasswordAuthentication yes
Enable PasswordAuthentication by uncommenting it if you enabled PubkeyAuthentication for other users in sshd_config.
- Restart ssh service. Done.
sudo /etc/init.d/ssh restart
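sshd refuses the session if the ChrootDirectory (%h, here /home/username) or any parent directory is not owned by root or is writable by group or others, which is why the steps above chown the home directory to root and set it to 755. The script below is an added example, not part of the original post, that checks this; its function names are hypothetical and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Ubuntu).
# chroot_dir_ok and chroot_path_ok are hypothetical helper names.

# chroot_dir_ok DIR [OWNER_UID]
# Succeeds if DIR is a directory owned by OWNER_UID (default 0, root)
# and not writable by group or others.
chroot_dir_ok() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }
    uid=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")    # octal permissions, e.g. 755
    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid" >&2
        return 1
    fi
    case $mode in
        *[2367]?|*[2367])          # write bit in the group or other digit
            echo "$dir: mode $mode is group- or world-writable" >&2
            return 1 ;;
    esac
    return 0
}

# chroot_path_ok DIR [OWNER_UID]
# Applies chroot_dir_ok to DIR and every parent directory up to /.
chroot_path_ok() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "$1: cannot resolve" >&2; return 1; }
    while :; do
        chroot_dir_ok "$p" "${2:-0}" || return 1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
}

# Usage after the steps above: chroot_path_ok /home/username
```

Running sudo sshd -t before the restart additionally checks sshd_config for syntax errors, so a typo in the Match block does not take the service down.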