Home Linux Setup SFTP-Only User Accounts On Ubuntu 14

Setup SFTP-Only User Accounts On Ubuntu 14

Linux By · January 1, 2020 · 0 Comment Share


Introduction

Certain scenarios require you to create users with read and write access to a single directory via FTP only. This write-up will show you how to create such users. They will not be able to navigate outside their home directory, login to the server via SSH, or execute shell commands.

Setup SFTP Group and Service

  1. Create sftpusers group.

    sudo groupadd sftpusers

  2. Comment out setting disabling SFTP access from sshd config file.

    sudo sed -i "s/Subsystem sftp //usr//lib//openssh//sftp-server/#Subsystem sftp //usr//lib//openssh//sftp-server/" /etc/ssh/sshd_config

  3. Open sshd config file sudo nano /etc/ssh/sshd_config, add below snippet it, and exit (Ctrl+X -> Y -> Hit Enter).

    #enable sftp
Subsystem sftp internal-sftp

Match Group sftpusers
   ChrootDirectory %h #set the home directory
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTCPForwarding no
   PasswordAuthentication yes

  4. Restart ssh.

    sudo service ssh restart

Creating Users

Repeat the process below for every SFTP only user you want to add to the server.

# create user
sudo adduser sftpuser1

# prevent ssh login & assign SFTP group
sudo usermod -g sftpusers sftpuser1
sudo usermod -s /bin/nologin sftpuser1

# chroot user (so they only see their directory after login)
sudo chown root:sftpuser1 /home/sftpuser1
sudo chmod 755 /home/sftpuser1

sudo mkdir /home/sftpuser1/uploads
sudo chown sftpuser1:sftpuser1 /home/sftpuser1/uploads
sudo chmod 755 /home/sftpuser1/uploads

You can make creating users faster by wrapping above into a function and adding it to your bashprofile by (1) running sudo nano ~/.bash_profile; (2) adding the snippet below to it; (3) running source ~/.bash_profile.

After that, creating a new SFTP user becomes as easy as running the command create_sftp_user along with a username as its parameter.

# usage: create_sftp_user <username>
function create_sftp_user() {
    # create user
    sudo adduser $1

    # prevent ssh login & assign SFTP group
    sudo usermod -g sftpusers $1
    sudo usermod -s /bin/nologin $1

    # chroot user (so they only see their directory after login)
    sudo chown root:$1 /home/$1
    sudo chmod 755 /home/$1

    sudo mkdir /home/$1/uploads
    sudo chown $1:$1 /home/$1/uploads
    sudo chmod 755 /home/$1/uploads
}

Test to make sure the user you created can connect to the server via SFTP (Note: Connect using SFTP and not FTP).

Written by Lami Adabonyan

Want to contribute?

You could earn up to $300 by adding new articles

Submit your article
Suggest an update
Request an article

How VPS

Related Posts

How to Install Apache Tomcat 8 on CentOS 7

How to Install Apache Tomcat 8 on CentOS 7?

February 11, 2020 0
How to Install Apache Tomcat 8 on CentOS 7? Apache Tomcat is an open-source web server that is designed to serve Java web pages. It is widely deployed and powers... Read more

Setup IonCube Loader on Ubuntu 14

January 1, 2020 0
What is IonCube? IonCube gives developers the opportunity to protect their code that is written in the PHP programming language. IonCube prevents this code from being viewed, edited, and run... Read more

Converting from MySQL to MariaDB on Ubuntu

January 1, 2020 0
This guide is intended to help you with converting a MySQL server to a MariaDB server. In addition, we will be resolving unmet dependencies that may happen during the conversion... Read more

How To Install Caddy on Linux

January 1, 2020 0
Caddy is a web server that allows HTTP/2. It is a full-featured web server that includes the ability to enable HTTPS automatically. This allows for web server creation with high... Read more

Introduction to Tcpdump

January 1, 2020 0
If you run a server, you will undoubtedly get to a point where you need to nail down some network-related problems. Of course it would be easy to just shoot... Read more

Add Teamspeak To Webmin

January 1, 2020 0
This article explains how to integrate a Teamspeak 3 server with the popular hosting panel, Webmin. I assume that you’ve already set up Teamspeak on either CentOS, Debian, or Ubuntu.... Read more

Installing McMyAdmin on Ubuntu 14.10

January 1, 2020 0
McMyAdmin is a Minecraft server control panel used to administrate your server. Although McMyAdmin is free, there are multiple editions, some of which are paid versions. Prerequisites Please ensure that... Read more

Install Drupal 7 on the One-Click LEMP Application

January 1, 2020 0
Introduction Drupal is a popular open-source content management platform. In this article, we will show you how to install Drupal 7 on a Vultr server based on the One-Click LEMP... Read more

How-To Install Redis from Source

January 1, 2020 0
Introduction Redis is often referred to as a data structures server. This means that Redis provides access to mutable data structures via a set of commands, which are sent by... Read more

Creating a Jekyll Blog on Ubuntu 16.04

January 1, 2020 0
Using a Different System? Creating a Jekyll Blog on CentOS 7 Are we missing a guide for your target system? Request one, or submit your own! Jekyll is a great... Read more

Leave a Reply

Your email address will not be published. Required fields are marked *