LinuxQuestions.org
Old 08-17-2006, 12:24 PM   #1
MrSako
Member
 
Registered: May 2006
Distribution: CentOS 4.4
Posts: 185

Rep: Reputation: 30
limiting linux users abilities


For my webserver I want to give someone FTP access to their web's root directory, which I have set up. Just I'm not using an FTP server; they're connecting via SSH, meaning using the SSH client they could do all sorts of things within their home directory, i.e. installing bandwidth-eating servers and running them. Installing anything, really, is what I don't want.

Basically I want to limit the user so he can only upload and download files, so it would be working as if he was connected via FTP.
 
Old 08-17-2006, 01:28 PM   #2
timothyb89
Member
 
Registered: Jul 2006
Location: Colorado, USA
Distribution: openSuSE 11.4
Posts: 118

Rep: Reputation: 15
Make / and /home unreadable to anyone but the owner (you). You may have to do this to all of the other directories so they don't cd into them.
That is assuming that they actually have user accounts, and they SHOULD, as they can SSH into your server without using a public account...
That would just keep them in their home dir...
I know that there is a way to disable shell access, so they could only use SCP. I think a Google search for "Disabling Shell Access" would do you some good if you were interested in that.

Last edited by timothyb89; 08-17-2006 at 01:31 PM.
 
Old 08-17-2006, 01:29 PM   #3
w3bd3vil
Senior Member
 
Registered: Jun 2006
Location: Hyderabad, India
Distribution: Fedora
Posts: 1,189

Rep: Reputation: 49
What you could do here is chmod the /usr/bin/* to 750, so a user won't have access to any of the files in /usr/bin.
Then you can chmod 755 scp and the other commands that you want.


This might cause problems, so test on a system first.

Last edited by w3bd3vil; 08-17-2006 at 01:30 PM.
 
Old 08-17-2006, 01:53 PM   #4
MrSako
Member
 
Registered: May 2006
Distribution: CentOS 4.4
Posts: 185

Original Poster
Rep: Reputation: 30
Sorry, my post was confusing.

I'm trying to set up access to the server for similar reasons as an FTP server, just for uploading and downloading files with the server. I don't have an FTP server installed. I just created a Unix user, and the Unix user's home directory is their web root directory. The user logs in via SSH client. I have it set up so they can't navigate out of their home directory; I just don't want them to be able to upload files then execute them. (I'm not sure if there's anything else I should keep them from doing.) The only stuff they need to do is the bare minimum to upload files to the server for their website, and then be able to download them in case they need to make backups or whatever the purpose is.
 
Old 08-17-2006, 03:37 PM   #5
Matir
Moderator
 
Registered: Nov 2004
Location: Kennesaw, GA
Distribution: Ubuntu
Posts: 8,502

Rep: Reputation: 110
Just run:
Code:
usermod -s /usr/lib/sftp-server username
This will ONLY allow the user access via sftp.
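
A check to run after the `usermod` change above, as an added example that is not part of the original post: it lists accounts whose home directory is under a web root but whose login shell is still something other than an `sftp-server` binary. The passwd lines, account names and the `/var/www` web root are constructed for illustration; on a real host pipe `getent passwd` in instead.

```shell
#!/bin/sh
# Added example (not from the thread): audit passwd-format data for
# web accounts that can still get an interactive shell.

# Constructed sample input in passwd(5) format.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
site1:x:1001:1001:site one:/var/www/site1:/usr/lib/sftp-server
site2:x:1002:1002:site two:/var/www/site2:/bin/bash
site3:x:1003:1003:site three:/var/www/site3:
apache:x:48:48:Apache:/var/www:/sbin/nologin'

# shell_of USER
# Reads passwd data on stdin and prints USER's login shell (field 7).
# Exit status is non-zero when the account is not present.
shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }'
}

# audit_sftp_only WEBROOT
# Reads passwd data on stdin. For every account whose home directory
# lies below WEBROOT, prints "user:shell" when the shell is not an
# sftp-server binary. An empty shell field is reported explicitly,
# because passwd(5) treats an empty field as /bin/sh.
audit_sftp_only() {
    awk -F: -v root="$1" '
        index($6, root "/") == 1 {
            shell = ($7 == "") ? "/bin/sh (empty field)" : $7
            if (shell !~ /\/sftp-server$/) print $1 ":" shell
        }'
}

# Show the accounts that still need the shell change.
printf '%s\n' "$SAMPLE_PASSWD" | audit_sftp_only /var/www
```

The path of the `sftp-server` binary differs between distributions, so confirm the file named in the shell field actually exists on the host.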
 
Old 08-18-2006, 06:52 PM   #6
timothyb89
Member
 
Registered: Jul 2006
Location: Colorado, USA
Distribution: openSuSE 11.4
Posts: 118

Rep: Reputation: 15
Quote:
Originally Posted by w3bd3vil
What you could do here is chmod the /usr/bin/* to 750, so a user won't have access to any of the files in /usr/bin.
Then you can chmod 755 scp and the other commands that you want.

This might cause problems, so test on a system first.

To prevent them from leaving their home dirs, just follow the directions in my post.
The post I quoted will prevent them from running things they shouldn't.
Then you can chmod things like sshd (which is normally in sbin, but...), gedit or emacs and xemacs to give them an online editor.
If you are planning on letting them use shell scripts, just chmod 777 /usr/bin/sh along with the other needed commands.
That should give you decent security...

Linux users SHOULD be able to ssh and scp. Windows users can use Cygwin for SSH (open the X server and then xterm) and then they can scp and run the editors.
Windows users can also use programs like WinSCP for file transfer. They shouldn't have to navigate into their home directories as that's where you start off...

Last edited by timothyb89; 08-18-2006 at 06:56 PM.
 
  

