-1

I'm trying to create a user with SFTP permissions to only one directory (that is not his home directory). When he connects through an SFTP client, I want him to land in this directory, and I don't want him to be able to view any other directory unless it's a sub-directory. I'm using Ubuntu 12.04.

I followed the steps below:

Edit the /etc/ssh/sshd_config file.

Add or modify the Subsystem sftp line to look like the following:

Subsystem sftp internal-sftp

Add the below block of text to the bottom of the file:

Match Group filetransfer
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

Restart OpenSSH:

service ssh restart

Create a system group for users whom you want to restrict to SFTP access:

addgroup --system filetransfer

sudo adduser username #added user
usermod -G filetransfer username #added him to the group
chown root:root /home/username #disabled access to his default home directory
chmod 755 /home/username

Changed the permissions of the directory I want him to be able to modify:

cd /srv/www/website_name/public_html/wp-content/themes/
chown username:filetransfer specific_folder
chown username:filetransfer specific_folder/*

Set this folder as his home directory:

sudo usermod -d /srv/www/website_name/public_html/wp-content/themes/specific_folder username

But now I'm not able to connect using SFTP. This fails after I change his home directory. What should I do to fix this?

Tom
  • The output of `ssh -v` as well as the log on the server may provide some hints. Without those we are left guessing about the reason. The link posted by @Jakuje is one possible guess, another possibility is that after you change home directory, the `authorized_keys` file can no longer be found. – kasperd Apr 03 '16 at 14:16

1 Answer

-2

I would chroot the users and make sure they cannot get a shell. Try this

Silent-Bob
  • the important section in which he details how to add directory permissions says "This section has deliberately been left blank, i am not confident enough in my understanding of file permissions to write this as a step by step guide (anyone else in the same situation copying and pasting my commands could end up with improperly set privileges), if someone else believes they do have a decent understand of how to do this then post below and i will add it in (giving credit and linking to the post in the list of contributors at the end of this guide). " – Tom Mar 24 '16 at 11:30
  • Oh, sorry. Haven't read it completely. But there are lots of other guides out there, now that you have the right keywords to search for them. – Silent-Bob Mar 24 '16 at 11:47
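
sshd_config(5) requires the `ChrootDirectory` and every directory above it to be owned by root and not writable by group or others, and with `ChrootDirectory %h` that rule applies to whatever the account's home directory is set to. The script below is an added example, not part of the original posts, that audits a path against that rule; the function names and the optional UID argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's ownership rule.
# Every component, from the target up to /, must be a directory owned by
# root and not writable by group or others, or sshd refuses the session.

# check_dir DIR [UID]: test one directory. UID defaults to 0 (root); the
# parameter is an assumption of this example so it can be tried unprivileged.
check_dir() {
    d=$1
    want_uid=${2:-0}
    if [ ! -d "$d" ]; then
        echo "FAIL $d: not a directory"
        return 1
    fi
    # ls -ldn prints the mode string first and the numeric owner uid third.
    info=$(ls -ldnL "$d" | awk '{print $1, $3}')
    mode=${info% *}
    uid=${info#* }
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $d: owned by uid $uid, expected $want_uid"
        return 1
    fi
    # Character 6 of the mode string is group write, character 9 other write.
    case $mode in
        ?????w*|????????w*)
            echo "FAIL $d: mode $mode is writable by group or others"
            return 1 ;;
    esac
    echo "ok   $d ($mode uid $uid)"
}

# check_chroot_path PATH [UID]: walk PATH and each parent up to /.
# Returns 0 if all pass, 1 if any component fails, 2 for a relative path.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "FAIL $1: not an absolute path"; return 2 ;;
    esac
    dir=$1
    rc=0
    while :; do
        check_dir "$dir" "${2:-0}" || rc=1
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}
```

Source the file and run `check_chroot_path` on the directory that `%h` expands to for the account; any `FAIL` line names a component that does not meet the rule.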