SFTP access to only one folder

Slicster · 06-24-2015, 11:32 AM

Hi Guys,
I've searched through the web and forums before posting and yes I have found some sites that show how to create SFTP access on Redhat. What I'm trying to accomplish is to create a new user called DEV that has it's home folder set to "/var/www/web/media/nutritionalfacts" and cannot browse anywhere else. These are the inscrutctions I've tried without success...

Code:

groupadd  sftp_users
useradd  -G sftp_users  -s /sbin/nologin  DEV -d /var/www/web/media/nutritionalfacts
passwd DEV

# vi /etc/ssh/sshd_config
#comment out the below line and add a line like below
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp

# add Below lines  at the end of file
Match Group sftp_users
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory h
ForceCommand internal-sftp

service sshd restart

chmod 755 /var/www/web/media/nutritionalfacts
chown root /var/www/web/media/nutritionalfacts
chgrp -R sftp_users /var/www/web/media/nutritionalfacts

For whatever reason, the above doesn't work and I can't connect via SFTP with the new user. In the meantime, I simply did the following which works but allows the user to browse through the whole Redhat OS filesystem...

Code:

useradd DEV -M -d /var/www/web/media/nutritionalfacts -s /sbin/nologin
passwd DEV

I really want the user to be restricted to only that folder via SFTP and for it to be as simple as possible.

Anyone?

MensaWater · 06-25-2015, 01:39 PM

We typically use scponly for this:
http://sourceforge.net/projects/scponly/files/
It lets you setup a jailed user for doing scp/sftp and prevents use of ssh for that user.

voleg · 06-28-2015, 07:12 AM

Try to make "/usr/libexec/openssh/sftp-server" as user shell, not "/sbin/nologin".