How do I restrict the user to only be able to do anything within that folder? (i.e. that folder is the user's root and they cannot view/edit anything higher in the directory tree)
Step-1: Add a new group
sudo addgroup sftptsl
Step-2: Create the chroot directory
sudo mkdir /var/www/html/user-dir/
sudo chmod g+rx /var/www/html/user-dir/
Step-3: Create the group-writable directory
sudo mkdir -p /var/www/html/user-dir/working-dir1/
sudo chmod g+rwx /var/www/html/user-dir/working-dir1/
Step-4: Give them both to the new group.
sudo chgrp -R sftptsl /var/www/html/user-dir/
Step-5: Create a user and assign it to this group
sudo adduser --ingroup sftptsl sftpuser
## Group change
You can also assign an existing user to the group:
usermod -g primarygroupname username
usermod -G secondarygroupname username
-g sets the user's primary group
-G sets the other (secondary) groups the user belongs to
Step-6: Open the SSH configuration file /etc/ssh/sshd_config and add the text below at the end of the file (a Match block applies to every directive that follows it until the next Match, so it must come last)
Match Group sftptsl
# Force the connection to use SFTP and chroot to the required directory.
ForceCommand internal-sftp
ChrootDirectory /var/www/html/user-dir/
# Disable tunneling, authentication agent, TCP and X11 forwarding.
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
Step-7: Check that it works by connecting with FileZilla or any other remote file browser.
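Before the FileZilla test in step 7, it is worth checking the two things that most often make an SFTP chroot fail: sshd refuses a ChrootDirectory that is not owned by root or that is writable by group or others, and the Match block only takes effect if it actually contains the ForceCommand and ChrootDirectory lines. The script below is an added example, not part of the original post; it assumes GNU coreutils `stat` (the `-c` format option) and a POSIX awk, and the directory path, group name and config snippets in it are constructed to match the steps above.

```shell
#!/bin/sh
# Added example: sanity checks for an SFTP chroot setup (not from the original post).
# Assumes GNU `stat -c` and POSIX awk; paths and group name are constructed.

# Return 0 if DIR is a directory with no write bit for group or others.
# sshd rejects a ChrootDirectory that is group- or world-writable.
chroot_mode_ok() {
    perm=$(stat -c '%A' "$1") || return 1      # e.g. "drwxr-xr-x"
    case "$perm" in
        d*) ;;                                 # must be a directory
        *) return 1 ;;
    esac
    gw=$(printf '%s' "$perm" | cut -c6)        # group write flag
    ow=$(printf '%s' "$perm" | cut -c9)        # other write flag
    [ "$gw" = "-" ] && [ "$ow" = "-" ]
}

# Return 0 if DIR is owned by root (uid 0). chgrp in step 4 changes only
# the group, so the owner set by `sudo mkdir` stays root.
chroot_owner_ok() {
    [ "$(stat -c '%u' "$1")" = "0" ]
}

# Return 0 if CONFIG contains a "Match Group GROUP" block that sets
# ForceCommand internal-sftp and a ChrootDirectory before the next Match.
# Keywords are compared case-insensitively, as sshd does; comments are skipped.
sftp_match_block_ok() {
    awk -v grp="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == "match" {
            inblock = (tolower($2) == "group" && $3 == grp)
            next
        }
        inblock && tolower($1) == "forcecommand" && $2 == "internal-sftp" { fc = 1 }
        inblock && tolower($1) == "chrootdirectory" && $2 != "" { cd = 1 }
        END { exit !(fc && cd) }
    ' "$1"
}

# Usage: sh check-sftp-chroot.sh /var/www/html/user-dir/ sftptsl
if [ "$#" -eq 2 ]; then
    chroot_owner_ok "$1" && echo "owner ok" || echo "chroot dir must be owned by root"
    chroot_mode_ok "$1"  && echo "mode ok"  || echo "chroot dir has a group/other write bit set"
    sftp_match_block_ok /etc/ssh/sshd_config "$2" \
        && echo "sshd_config ok" || echo "Match block for $2 is missing ForceCommand/ChrootDirectory"
fi
```

Run it as root with the chroot path and group name from the steps above. Once all three checks pass, `sudo sshd -t` validates the syntax of the whole sshd_config, and sshd must be restarted for the new Match block to apply to new connections. Note that the working directory from step 3 is group-writable on purpose; only the chroot directory itself must stay root-owned and non-writable.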