SFTP stands for secure file transfer protocol and is a popular file transfer protocol used by Linux users to transfer files to and from remote servers. It allows you to control user access effectively. When working with SFTP, you may sometimes need to create an SFTP user who is restricted to a specific directory, such as just one folder. In this article, we will learn how to restrict user access to just one folder on your remote server.
How to Create SFTP User for Specific Directory
Here are the steps to create an SFTP user for a specific directory.
1. Edit SSH Config File
Open a terminal and run the following command to edit the SSH server configuration file.
$ sudo vi /etc/ssh/sshd_config
Add the following lines at the bottom.
Match Group sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
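In the above lines, we specify that users belonging to the sftp group should be restricted to their home directory (chroot), which is represented by %h in the ChrootDirectory directive. ForceCommand internal-sftp limits these users to SFTP sessions, and AllowTcpForwarding no disables TCP port forwarding for them.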
2. Create SFTP User Group
Run the following commands to create the SFTP user group and assign your user to it. Replace username with your SFTP username.
$ sudo groupadd sftp
$ sudo usermod username -g sftp
$ sudo usermod username -s /bin/false
$ sudo usermod username -d /home/username
3. Restart SSH
Restart the SSH server with the following command.
$ sudo service ssh restart
4. Check Directory Permission (Optional)
If you are still experiencing problems, set the folder permissions with the following command.
$ sudo chmod 755 /home/username
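sshd only accepts a ChrootDirectory when every component of its path is a directory owned by root and not writable by group or others (see sshd_config(5)), which is why the permissions in step 4 matter. The script below is an added example, not part of the original article; the function names, the file name check_chroot.sh and the optional owner-UID argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that a directory is acceptable to sshd as a
# ChrootDirectory (for "ChrootDirectory %h" that is the user's home).
# sshd_config(5): every component of the path must be a directory owned by
# root and not writable by group or others.

# chroot_dir_ok DIR [OWNER_UID]
# Checks one directory. OWNER_UID defaults to 0 (root); the argument is an
# assumption of this example so the check can be tried without root.
chroot_dir_ok() {
    cd_dir=$1
    cd_uid=${2:-0}
    [ -d "$cd_dir" ] || return 1
    # "ls -ldn" prints the mode string and the numeric owner, e.g.
    # "drwxr-xr-x 3 0 0 4096 ..."; keep fields 1 (mode) and 3 (uid).
    cd_info=$(ls -ldn -- "$cd_dir" | awk '{print $1, $3}')
    cd_mode=${cd_info% *}
    cd_owner=${cd_info#* }
    [ "$cd_owner" = "$cd_uid" ] || return 1
    # Character 6 is group write, character 9 is other write: both must be "-".
    case $cd_mode in
        d????-??-*) return 0 ;;
        *) return 1 ;;
    esac
}

# chroot_path_ok DIR [OWNER_UID]
# Walks from DIR up to / and reports the first component sshd would reject.
chroot_path_ok() {
    cp_path=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    cp_uid=${2:-0}
    while :; do
        if ! chroot_dir_ok "$cp_path" "$cp_uid"; then
            echo "unsafe for chroot: $cp_path" >&2
            return 1
        fi
        [ "$cp_path" = / ] && return 0
        cp_path=$(dirname "$cp_path")
    done
}

# Usage (hypothetical file name): sh check_chroot.sh /home/username
if [ "$#" -gt 0 ]; then
    chroot_path_ok "$1" && echo "ok for chroot: $1"
fi
```

If the script names a component as unsafe, the usual symptom on the client side is that the SFTP login is dropped right after authentication.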
That’s it. In this short article, we have seen how to restrict an SFTP user to their home directory.