Menu
I need to give SFTP access to a directory within my webroot on my server. I've set up ben_files as a user and have set his home directory to
/var/www/vhosts/mydomain.com/files
That's all fine if he connects with plain old FTP - he's restricted just to that directory, but to enable SFTP i had to add him to bin/bash shell, which suddenly opens up my entire server...
Is there a way of giving him SFTP access but without opening up all my directories? I'd really like him restricted to only his home ;)
Thanks!
677
To prevent specific FTP users from accessing the storage system, you can add them to the /etc/ftpusers file. To restrict FTP users to a specific directory, you can set the ftpd. dir. restriction option to on; otherwise, to let FTP users access the entire storage system, you can set the ftpd.
OpenSSH≥4.8 supports a ChrootDirectory directive.
Add to /etc/sshd_config or /etc/ssh/sshd_config or whatever your setup's global sshd config file is:
Match user ben_files # The following two directives force ben_files to become chrooted # and only have sftp available. No other chroot setup is required. ChrootDirectory /var/www/vhosts/mydomain.com/files ForceCommand internal-sftp # For additional paranoia, disallow all types of port forwardings. AllowTcpForwarding no GatewayPorts no X11Forwarding no
57
You might try setting his shell to /bin/rbash
RESTRICTED SHELL If bash is started with the name rbash, or the -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. It behaves identically to bash with the exception that the following are disallowed or not performed:
· changing directories with cd
plus more...
Make sure you fully understand what is allowed and disallowed before you use this.
43
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
