LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Give sft acces without shell access (https://www.linuxquestions.org/questions/linux-server-73/give-sft-acces-without-shell-access-4175597399/)

entretoize 01-13-2017 02:47 PM
Give sft acces without shell access
 
Hello, I created a user with a group using these lines:
Code:
useradd <username>
groupadd <groupname>
gpasswd -a <username> <groupname>
chgrp -R groupname /path/to/your/web/directory
chmod -R g+rw /path/to/your/web/directory
next I removed shell access with:
Code:
usermod -s /sbin/nologin <username>
But now I can't no more access the folder though sftp.
Then first, how to cancel my last usermod to recover sftp access, and then is it possible to block just the shell access ?
Thanks

Turbocapitalist 01-14-2017 02:54 AM
Welcome.

For shared folders you'll need a little more than just g+w. But that is separate from the question of SFTP.

IF you are using OpenSSH-server then you can block shell access by making the account use only SFTP.

Code:
Subsystem sftp internal-sftp

...

Match Group groupname
        AllowTCPForwarding no
        X11Forwarding no
        ForceCommand internal-sftp
The users in the group groupname will only be able to connect using SFTP. However, they still will be able to rummage around in the rest of the system until you make a chroot for them.


Edit: in case it was not obvious about undoing the usermod

Code:
usermod -s /bin/bash username


All times are GMT -5. The time now is 01:18 PM.