Skip to content

Instantly share code, notes, and snippets.

@steve-ross

steve-ross/sftp-ubuntu.md

Forked from joshellington/sftp-ubuntu.md
Last active August 29, 2015 14:17
Show Gist options
  • Save steve-ross/e9fac13ef2378d2dfacd to your computer and use it in GitHub Desktop.
Save steve-ross/e9fac13ef2378d2dfacd to your computer and use it in GitHub Desktop.
Download ZIP
Raw
sftp-ubuntu.md

Adding SFTP-only user to Ubuntu Server

To add a SFTP-only user, you'll need to make sure your SSH config settings are correct, add a new user/group and set permissions for your new user. For step-by-step directions, see below. Omit sudo if you're logged in as root.

Directions

  1. Edit /etc/ssh/sshd_config and make sure to add the following at the end of the file:

     Match group filetransfer
 	ChrootDirectory %h
     X11Forwarding no
     AllowTcpForwarding no
 	ForceCommand internal-sftp

  2. Restart OpenSSH:

     sudo /etc/init.d/ssh restart

  3. Add new group for SFTP-only users:

     sudo addgroup filetransfer

  4. Add new user (make sure to switch out username in the following steps to your specified username):

     sudo adduser username

  5. Add user to new group and set permissions:

     sudo usermod -G filetransfer username
 sudo chown root:root /home/username
 sudo chmod 755 /home/username

  6. Create directories for user and set final permissions:

     cd /home/username
 sudo mkdir folder_1 folder_2
 sudo chown username:username *

  7. Use Cyberduck or another SFTP client to connect. Go have a beer.

@steve-ross
Copy link
Author

steve-ross commented Mar 20, 2015

To let users of this group edit the same files that are owned by www-data:

add www-data to filetransfer group
usermod -G filetransfer www-data

cd ./magento
chown www-data:filetransfer ./ -R
(set group read/write permissions)
chmod -R g+rw- ./

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment