sftp configuration
Steps
-
Create a New Group
$ groupadd sftpusers
-
Create Users
# create guestuser
$ useradd -g sftpusers -d /incoming -s /sbin/nologin guestuser
# change guestuser password
$ passwd guestuser
# verify creation
$ grep guestuser /etc/passwd
# modify an existing user, e.g. john
$ usermod -g sftpusers -d /incoming -s /sbin/nologin john
-
Setup
sshd_config
$ nano /etc/ssh/sshd_config
- Comment out
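Subsystem sftp /usr/libexec/openssh/sftp-server. Add the following at the end of the file, because a Match block applies to every directive after it until the next Match line or the end of the file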
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftpusers
ChrootDirectory /sftp/%u
ForceCommand internal-sftp
- Create sftp home directory
$ mkdir /sftp
$ mkdir /sftp/guestuser
$ mkdir /sftp/guestuser/incoming
# set folder ownership
$ chown guestuser:sftpusers /sftp/guestuser/incoming
# set folder group (note: /sftp/general is not created by the mkdir commands above; it must already exist)
$ chgrp -R sftpusers /sftp/general
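# Give write permission to the group
# (do not do this on a directory that serves as a ChrootDirectory: sshd refuses a chroot path that is group-writable)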
$ chmod -R g+w /sftp/general
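# set up a common folder for a group
# note: the mkdir below creates /home/sftp only; /home/sftp/common must exist before the chown and chmod
# note: sam and tom are put in group sftp, not sftpusers, and are created without -s /sbin/nologin,
# so the "Match Group sftpusers" block (ChrootDirectory and ForceCommand internal-sftp) does not apply to them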
$ groupadd sftp
$ mkdir /home/sftp
$ chown nobody:sftp /home/sftp/common
$ chmod 770 /home/sftp/common
$ useradd -d /home/sftp/common -g sftp sam
$ useradd -d /home/sftp/common -g sftp tom
$ chmod g+s /home/sftp/common
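# verify ownership
# sshd requires every component of the ChrootDirectory path (here /sftp and /sftp/guestuser) to be owned by root
# and not writable by group or others; only the incoming subfolder belongs to the user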
$ ls -ld /sftp/guestuser/incoming
drwxr-xr-x 2 guestuser sftpusers 4096 Dec 28 23:49 /sftp/guestuser/incoming
$ ls -ld /sftp/guestuser
drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp/guestuser
$ ls -ld /sftp
drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp
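- Restart sshd (run `sshd -t` first to check the edited sshd_config, so that a syntax error does not leave the server without SSH access)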
$ service sshd restart
6 Test setup
# the user should only be able to access the incoming folder, which appears at the root level of the chroot
$ sftp guestuser@192.168.0.222