LinuxQuestions.org
Old 08-23-2019, 05:21 AM   #1
James_rock
LQ Newbie
 
Registered: Aug 2019
Posts: 4

Rep: Reputation: Disabled
SFTP


Hello Everyone

My name is James, I am a new user in this forum.

I have one issue related to SFTP: I want to enable SFTP access for the root user only; other users access the server by using PuTTY only.


Is it possible to restrict the access of other users for SFTP? If yes, please let me know.
 
Old 08-23-2019, 06:50 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,634

Rep: Reputation: 7965
Quote:
Originally Posted by James_rock
Hello Everyone
My name is James, I am a new user in this forum.

I have one issue related to SFTP: I want to enable SFTP access for the root user only; other users access the server by using PuTTY only. Is it possible to restrict the access of other users for SFTP? If yes, please let me know.
First thing that comes to mind: what you're doing is a **VERY BAD IDEA**. The root user should NEVER be allowed network access, period, to anything. There's just no reason to do it.

You can change the sftp subsystem to be "internal-sftp", and add:
Code:
Match Group sftpusers
    AllowTcpForwarding no
    ChrootDirectory %h
    ForceCommand internal-sftp
..to the bottom of the sshd_config file, and restart the service. Create a group called "sftpusers", and use the usermod command to add whatever users you want to it. Now, whatever users you add to that group will be able to sftp to their home directories only. Again, allowing root to do ANYTHING over the network is incredibly bad and insecure, and there is zero reason to do it; systems security shouldn't be compromised for something like this.

What's your actual goal?
 
1 members found this post helpful.
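An added example, not part of the post above or of any project's code: a small audit that checks an sshd_config for the settings the reply describes (internal-sftp subsystem, a confined `sftpusers` group, no root login). The function names and the sample config are constructed for illustration, and the parser assumes whitespace-separated `Keyword value` lines and a plain `Match Group <name>` line.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the SFTP-only group setup.
# sample_config and audit_sftp_only are hypothetical names; the sample is constructed.
# Assumes whitespace-separated "Keyword value" lines and a plain "Match Group <name>".

sample_config() {
cat <<'EOF'
PermitRootLogin no
Subsystem sftp internal-sftp

Match Group sftpusers
    AllowTcpForwarding no
    ChrootDirectory %h
    ForceCommand internal-sftp
EOF
}

# Usage: audit_sftp_only <group> < sshd_config
# Prints one FAIL line per finding; exit status is 0 only when nothing is flagged.
audit_sftp_only() {
    awk -v grp="$1" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { key = tolower($1) }                    # sshd keywords are case-insensitive
        key == "match" {                         # every Match line opens a new block
            seen_match = 1
            inblk = (tolower($2) == "group" && $3 == grp)
            next
        }
        # Global section: sshd uses the first value it reads for a keyword.
        !seen_match && key == "permitrootlogin" && root == "" { root = tolower($2) }
        !seen_match && key == "subsystem" && $2 == "sftp" && subsys == "" { subsys = $3 }
        # Settings scoped to the group block.
        inblk && key == "forcecommand"       { force = $2 }
        inblk && key == "chrootdirectory"    { chroot = $2 }
        inblk && key == "allowtcpforwarding" { fwd = tolower($2) }
        END {
            if (root != "no")              { print "FAIL PermitRootLogin is not \"no\""; bad = 1 }
            if (subsys != "internal-sftp") { print "FAIL Subsystem sftp is not internal-sftp"; bad = 1 }
            if (force != "internal-sftp")  { print "FAIL no ForceCommand internal-sftp for group " grp; bad = 1 }
            if (chroot == "")              { print "FAIL no ChrootDirectory for group " grp; bad = 1 }
            if (fwd != "no")               { print "FAIL AllowTcpForwarding not disabled for group " grp; bad = 1 }
            exit bad + 0
        }'
}

sample_config | audit_sftp_only sftpusers && echo "OK: sftpusers is confined to chrooted SFTP"
```

sshd also requires every component of the `ChrootDirectory` path to be owned by root and not writable by any other user or group, so with `%h` each home directory must be root-owned and uploads go into a user-writable subdirectory.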
Old 08-23-2019, 09:21 AM   #3
James_rock
LQ Newbie
 
Registered: Aug 2019
Posts: 4

Original Poster
Rep: Reputation: Disabled
Thanks for your reply, I will follow the steps and let you know.


Thanks
 
Old 08-23-2019, 09:29 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,634

Rep: Reputation: 7965
Quote:
Originally Posted by James_rock
Thanks for your reply, I will follow the steps and let you know.
Sorry, but did you not read the entirety of the first reply??

You were asked what your goal was...what are you trying to accomplish by doing this? Why??? There are probably FAR better ways of doing things than allowing root network access. And to reiterate: allowing root access for ANYTHING over the network is **A VERY BAD IDEA**, and there is zero reason to do it.
 
Old 08-23-2019, 10:29 AM   #5
James_rock
LQ Newbie
 
Registered: Aug 2019
Posts: 4

Original Poster
Rep: Reputation: Disabled
See, I am a senior web developer and Linux admin.

I did a web application and it's hosted on a Linux web server.

I don't want to show the code to other employees; that's why I make other users who can only access the particular directory and access some particular Linux commands. For uploading code and data I will give them sftp access.
 
Old 08-23-2019, 11:08 AM   #6
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,882
Blog Entries: 13

Rep: Reputation: 4930
Quote:
Originally Posted by James_rock
See, I am a senior web developer and Linux admin.

I did a web application and it's hosted on a Linux web server.

I don't want to show the code to other employees; that's why I make other users who can only access the particular directory and access some particular Linux commands. For uploading code and data I will give them sftp access.
Would instead recommend a Git repository.
 
Old 08-23-2019, 12:36 PM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,634

Rep: Reputation: 7965
Quote:
Originally Posted by James_rock
See, I am a senior web developer and Linux admin.
There is absolutely no way you're a Linux administrator or senior web developer.
If you were truly an administrator, you should know that allowing root over the network is horribly bad. And as a senior web developer, you should ALSO know that uploading files owned by root to a web server could cause issues, not to mention the fact that you have NO ROLLBACK in place for your web server, should bad code get uploaded.
Quote:
I did a web application and it's hosted on a Linux web server. I don't want to show the code to other employees; that's why I make other users who can only access the particular directory and access some particular Linux commands. For uploading code and data I will give them sftp access.
And what you say here makes no sense. If you give them root access to upload, they HAVE ROOT ACCESS. They can upload ANYTHING...with ANY executable to your server, have it run as root, and do ANYTHING THEY WANT. You say you don't want to show the code to other employees...so giving them root access lets them DOWNLOAD ANYTHING THEY WANT, and look at it also.

The sudo command is used to restrict what users can run what commands. It would be FAR better to create an FTP only user, that uploads to a different directory other than your web server root. And rtmistler also suggested Git, which is an excellent choice as well, since it lets you see who did what, when, and lets you roll back changes.

Last edited by TB0ne; 08-23-2019 at 01:23 PM.
 
Old 08-24-2019, 11:38 AM   #8
James_rock
LQ Newbie
 
Registered: Aug 2019
Posts: 4

Original Poster
Rep: Reputation: Disabled
@TB0ne

You have a lot of ego, man.

How dare you pass wrong comments and give a bad review of other people's knowledge. Do you know anything about me, and do you know my experience and my knowledge?


I just asked a single question and you didn't provide me the proper solution, and you passed wrong comments and all.


If you have knowledge, give me the proper solution or else an alternative way. This is the final warning: you don't talk in the wrong way, else you know what I am saying.

What the hell you man
 
Old 08-24-2019, 01:37 PM   #9
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
^ Holy Stallman, should I even report this?
You sure know how to pick'em, TB0ne...
 
Old 08-24-2019, 01:49 PM   #10
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,882
Blog Entries: 13

Rep: Reputation: 4930
Thread closed
 
2 members found this post helpful.
  

