Hey!

I've made a user for my friend so he can have his files at my server.
Im running SFTP. When he has logged in he can go back to the root and watch all the folders i have on the server. How can i do so he only can view /var/www/myfriend/. And if he goes back he will like get an error where it says "Permission Denied!".

Thanks!

I think this covers what you're looking for:
http://www.minstrel.org.uk/papers/sftp/
http://ubuntuforums.org/showthread.php?t=128206

Basically, unless you've given him root access, you can block him to a specific file system/directory that you have chosen.

How can i block him? Isnt there any easier way?

Anyone? Notice that i also want me to have root access, is that possible?

Depending on the distro you're running (let's assume debian for the moment) you can also use this tutorial that makes it pretty simple:
http://tusforyou.com/chrooted-sshsft...-debian-lenny/

I'll summarize here:
1) sudo apt-get install ssh openssh-server
2) sudo vi /etc/ssh/sshd_config
3) Validate this line exists: Subsystem sftp /usr/lib/openssh/sftp-server
4) Add this at the very end for each user (or set up a group and add that)
5) sudo /etc/init.d/ssh restart
6) chmod 700 /home/username

Now, if you want it to be some other directory, just set that as the users home directory and modify accordingly. There is also a tutorial on his site for Ubuntu if you're running that.

The key you're looking for is what's called 'chroot' or 'jails', so if you look for 'chroot sftp distro' you'll probably find what you're looking for. Chroot is the term for setting a specific directory as 'root' (or /) for a specific user/group/process. It prevents them from moving any higher up the tree, so if you set up the shared filesystem as /shared/sftp/public and chroot the sftp process to /shared/sftp, they could see everything in public, nothing in /shared, and any files or directories under sftp.

Let me know if this works for you.