Linux shell to restrict sftp users to their home directories?

MrFidge · Oct 6, 2009 · Viewed 50.4k times

I need to give SFTP access to a directory within my webroot on my server. I've set up ben_files as a user and have set his home directory to

/var/www/vhosts/mydomain.com/files

That's all fine if he connects with plain old FTP - he's restricted just to that directory, but to enable SFTP I had to add him to the bin/bash shell, which suddenly opens up my entire server...

Is there a way of giving him SFTP access but without opening up all my directories? I'd really like him restricted to only his home ;)

Thanks!

Answer

ephemient · Oct 7, 2009

OpenSSH ≥ 4.8 supports a ChrootDirectory directive.

Add to /etc/sshd_config or /etc/ssh/sshd_config or whatever your setup's global sshd config file is:

Match user ben_files
        # The following two directives force ben_files to become chrooted
        # and only have sftp available.  No other chroot setup is required.
        ChrootDirectory /var/www/vhosts/mydomain.com/files
        ForceCommand internal-sftp
        # For additional paranoia, disallow all types of port forwardings.
        AllowTcpForwarding no
        GatewayPorts no
        X11Forwarding no