In this tutorial, we will be discussing how to restrict SFTP users to their home directories or specific directories. It means the user can only access his/her respective home directory, not the entire file system.
Restricting users home directories is vital, especially in a shared server environment, so that an unauthorized user won’t sneak peek into the other user’s files and folders.
Important: Please also note that the purpose of this article is to provide SFTP access only, not SSH logins, by following this article will have the permissions to do file transfer, but not allowed to do a remote SSH session.
The simplest way to do this, is to create a chrooted jail environment for SFTP access. This method is same for all Unix/Linux operating systems. Using chrooted environment, we can restrict users either to their home directory or to a specific directory.
Restrict Users to Home Directories
In this section, we will create new group called sftpgroup and assign correct ownership and permissions to user accounts. There are two choices to restrict users to home or specific directories, we will see both way in this article.
Create or Modify Users and Groups
Let us restrict the existing user, for example
tecmint, to his/her home directory named /home/tecmint. For this, you need to create a new sftpgroup group using groupadd command as shown:
Next, assign the user ‘tecmint’ to sftpgroup group.
You can also create a new user using useradd command, for example
senthil and assign the user to sftpusers group.Modify SSH Configuration File
Open and add the following lines to
/etc/ssh/sshd_config configuration file.
Save and exit the file, restart sshd service to take new changes into effect.
No comments:
Post a Comment