Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Create a SFTP user to access only one directory. [closed]

Tags:

linux

shell

ssh

sftp

sshd

I need to create a user which can only SFTP to specific directory and take a copy of some infomation. that is it. I keep looking online and they bring up information about chroot and modifying the the sshd_config.

So far I can just

  • add the user "useradd sftpexport"
  • create it without a home directory "-M"
  • set its login location "-d /u02/export/cdrs" (Where the information is stored)
  • not allow it to use ssh "-s /bin/false"

useradd sftpexport -M -d /u02/export/cdrs -s /bin/false

Can anyone suggest what am meant to edit so the user can only login and copy the file off?

like image 480
Alec George Doran-Twyford Avatar asked Apr 16 '14 04:04

Alec George Doran-Twyford

People also ask

How do I restrict SFTP to a directory in Windows?

Setting up Chroot JailOpen /etc/ssh/sshd_config and paste this at the end of the file. ChrootDirectory will force the user into a chroot jail that is their home directory and ForceCommand internal-sftp will make sure that anything located in .

2 Answers

I prefer to create a user group sftp and restrict users in that group to their home directory.

First, edit your /etc/ssh/sshd_config file and add this at the bottom. 

Match Group sftp     ChrootDirectory %h     ForceCommand internal-sftp     AllowTcpForwarding no

This tells OpenSSH that all users in the sftp group are to be chrooted to their home directory (which %h represents in the ChrootDirectory command)

Add a new sftp group, add your user to the group, restrict him from ssh access and define his home directory. 

groupadd sftp usermod username -g sftp usermod username -s /bin/false usermod username -d /home/username

Restart ssh:

sudo service ssh restart

If you are still experiencing problems, check that the directory permissions are correct on the home directory. Adjust the 755 value appropriately for your setup. 

sudo chmod 755 /home/username

EDIT: Based on the details of your question, it looks like you are just missing the sshd_config portion. In your case, substitute sftp with sftpexport. Also be sure that the file permissions are accessible on the /u02/export/cdrs directory.

An even better setup (and there are even better setups than what I am about to propose) is to symlink the /u02/export/cdrs directory to the user home directory.

like image 163
csi Avatar answered Oct 04 '22 21:10

csi

You could need to add a restricted shell for this user can put some files there. You can use rssh tool for that.

usermod -s /usr/bin/rssh sftpexport

Enable allowed protocols in config /etc/rssh.conf.

like image 25
user3132194 Avatar answered Oct 04 '22 19:10

user3132194
Sign in to Comment

Related questions

Why does g++ look in LIBRARY_PATH/../lib64 and where is this documented?
Docker: Combine multiple images
How to create web based terminal using xterm.js to ssh into a system on local network
Differences between arm "versions?" (ARMv7 only)
WaitForSingleObject and WaitForMultipleObjects equivalent in Linux?
Could you recommend some guides about Epoll on Linux [closed]
Prevent git from popping up gnome password box
How use Qt in Visual Studio Code?
running time of two programs run separately and then together
Forcing a spurious-wake up in Java
Possible values for `uname -m`
Does 3>&1 imply 4>&3 5>&3 etc.?
How can I add a custom footer to Sphinx documentation? (reStructuredText)
Lynx with javascript
How to set a global nofile limit to avoid "many open files" error?
How to automatically pipe to less if the result is more than a page on my shell?
How to let bash subshell to inherit parent's set options?
What is PATH on a Mac (UNIX) system?
"Unexplainable" core dump
What should a Java program listen for, to be a good Linux service?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!