
Month: April 2015

Setup SFTP for a user to access restricted folder only on Ubuntu 14.04

Today I need to give my friend access to my server so he can edit any files in a particular folder. My server is running OpenSSH and SFTP is enabled by default, so I could simply create a new Linux user for him to use with SFTP. But I want him to access only the folder I give him, so here I modify the OpenSSH configuration to fit my need.

System details:

  • Ubuntu 14.04
  • Running OpenSSH

Steps:

  1. Add a group called sftp.
    sudo addgroup sftp
  2. Add a new user with the default home path, assign it to the sftp group and disable shell access.
    sudo useradd -m -g sftp -s /bin/false username
  3. Set a password for the user.
    sudo passwd username
  4. Change the home directory’s user and group to root.
    sudo chown root:root /home/username
  5. Change the home directory’s permissions.
    sudo chmod 755 /home/username
  6. Go into the folder.
    cd /home/username
  7. Create a new folder named www.
    sudo mkdir www
  8. Change the www folder’s owner to username. The group is sftp, because useradd -g sftp in step 2 does not create a group named username.
    sudo chown username:sftp www
  9. This step is the core. Edit /etc/ssh/sshd_config with the editor you are used to.
    sudo nano /etc/ssh/sshd_config
  10. Add the following lines to the end of /etc/ssh/sshd_config.
    Match group sftp
    	ChrootDirectory %h
    	X11Forwarding no
    	AllowTcpForwarding no
    	ForceCommand internal-sftp
    	# PasswordAuthentication yes

    Uncomment the PasswordAuthentication line to enable it if you have enabled PubkeyAuthentication for other users in sshd_config.

  11. Restart the ssh service. Done.
    sudo /etc/init.d/ssh restart
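
Steps 4 and 5 matter because sshd refuses a ChrootDirectory unless every component of its path is owned by root and not writable by group or others. The function below is an added example, not part of the original post; its name and its optional second and third arguments are assumptions made here so it can also be tried in a scratch directory without root.

```shell
#!/bin/sh
# Added example: walk a chroot path upwards and check every component for
# the ownership and mode that steps 4 and 5 set on /home/username.
# Usage: check_chroot_path DIR [OWNER_UID] [TOP]
#   OWNER_UID defaults to 0 (root). TOP defaults to / and is the last
#   component checked. Typical call: check_chroot_path /home/username
check_chroot_path() {
    dir=$1
    want_uid=${2:-0}
    top=${3:-/}
    rc=0
    if [ ! -d "$dir" ] || [ ! -d "$top" ]; then
        echo "FAIL: $dir or $top is not a directory"
        return 2
    fi
    dir=$(cd "$dir" && pwd -P)   # resolve symlinks and relative paths
    top=$(cd "$top" && pwd -P)
    while :; do
        uid=$(stat -c %u "$dir")    # GNU stat, as shipped on Ubuntu
        mode=$(stat -c %a "$dir")   # octal mode, e.g. 755
        if [ "$uid" -ne "$want_uid" ]; then
            echo "FAIL $dir: owner uid $uid, expected $want_uid"
            rc=1
        fi
        # 022 masks the group-write and other-write bits
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $dir: mode $mode is writable by group or others"
            rc=1
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return $rc
}
```

Running `sudo sshd -t` before the restart in step 11 reports syntax errors in the edited sshd_config without touching the running service.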

 
