How to Create SFTP User for Specific Directory

SFTP stands for Secure File Transfer Protocol and is a popular protocol used by Linux users to transfer files to and from remote servers. It allows you to control user access effectively. While working with SFTP, you may sometimes need to create an SFTP user who can access only a specific directory, such as a single folder. In this article, we will learn how to restrict user access to just one folder on your remote server.


How to Create SFTP User for Specific Directory

Here are the steps to create an SFTP user for a specific directory.


1. Edit SSH Config File

Open a terminal and run the following command to edit the SSH server configuration file.

$ sudo vi /etc/ssh/sshd_config

Add the following lines at the bottom.

Match Group sftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

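In the above lines, we specify that users belonging to the user group sftp should be restricted (chrooted) to their home directory, which is represented by %h in the ChrootDirectory directive. ForceCommand internal-sftp limits these users to SFTP, and AllowTcpForwarding no disables TCP forwarding for them.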


2. Create SFTP User Group

Run the following commands to create the SFTP user group and add your user to it. Replace username with your SFTP username.

$ sudo groupadd sftp
$ sudo usermod -g sftp username
$ sudo usermod -s /bin/false username
$ sudo usermod -d /home/username username


3. Restart SSH

Restart the SSH server with the following command.

$ sudo service ssh restart


4. Check Directory Permission (Optional)

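If you are still experiencing problems, set the folder permissions with the following command. The chroot directory must be owned by root and must not be writable by group or others, otherwise sshd will refuse the session.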

$ sudo chmod 755 /home/username
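
At session start sshd applies that ownership and permission rule to every component of the ChrootDirectory path, not only to the last folder. The script below is an added example (not from the original article) that walks a path upwards and reports the first component that breaks the rule; the function names and the optional uid and top-directory arguments are assumptions made for illustration and testing.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path the way sshd does at login.
# Usage: sh <this-script> /home/username
# Assumes GNU or BusyBox stat (the -c option), as found on Linux servers.

# component_ok DIR UID: succeed if DIR is a directory owned by UID and
# not writable by group or others.
component_ok() {
    c_dir=$1; c_uid=$2
    [ -d "$c_dir" ] || { echo "FAIL $c_dir: not a directory"; return 1; }
    c_owner=$(stat -c %u "$c_dir")
    c_mode=$(stat -c %a "$c_dir")
    if [ "$c_owner" != "$c_uid" ]; then
        echo "FAIL $c_dir: owner uid $c_owner, expected $c_uid"; return 1
    fi
    # 022 = group-write and other-write bits; the leading 0 makes it octal.
    if [ $(( 0$c_mode & 022 )) -ne 0 ]; then
        echo "FAIL $c_dir: mode $c_mode is group/other writable"; return 1
    fi
    echo "ok   $c_dir (mode $c_mode)"
}

# check_chroot_path DIR [UID] [TOP]
# Walks from DIR up to TOP (default /), checking each component.
# UID defaults to 0 (root), which is what sshd requires; UID and TOP are
# hypothetical knobs so the check can be tried on a scratch tree.
check_chroot_path() {
    p_path=$1; p_uid=${2:-0}; p_top=${3:-/}
    case $p_path in
        /*) ;;
        *) echo "FAIL $p_path: absolute path required"; return 2 ;;
    esac
    while :; do
        component_ok "$p_path" "$p_uid" || return 1
        if [ "$p_path" = "$p_top" ] || [ "$p_path" = "/" ]; then
            return 0
        fi
        p_path=$(dirname "$p_path")
    done
}

# Run the check only when a path is given on the command line.
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```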

That’s it. In this short article, we have seen how to restrict an SFTP user to their home directory.
