Blog Post Image
5 October, 2020

Restrict SFTP users to theirs home directory and share folders

Icon

Luigi Laezza

Linux
Share Facebook Share Linkedin Share Linkedin

I often have to share resources with clients,  but allowing them to “play” with the entire file system of the web app, might end up in disaster.

That’s why I decided to write this little guide on how to restrict SFTP users to their home directory and share folders.

RESTRICT SFTP ACCESS TO HOME DIRECTORY
First, we need to modify the sshd_config file which contains all the ssh configurations.

sudo nano /etc/ssh/sshd_config

Make sure the following line is enabled, otherwise add it yourself.

Subsystem sftp internal-sftp  -f AUTH -l VERBOSE

On DigitalOcean I had the following line, which I replaced.

Subsystem sftp /usr/lib/openssh/sftp-server
At the end of the file, add the following, make sure that the /home/myuser folder is owned by root.

This configuration will block the user to ssh connect to the server and restrict her to the home directory myuser.

Match User myuser
       ChrootDirectory /home/myuser
       ForceCommand internal-sftp
       AllowTcpForwarding no
       X11Forwarding no

Now we just need to restart the ssh service

sudo service ssh restart

SHARE RESOURCES.
Normally we would use the ln -s command to do a symlink but when using chroot to restrict access to the home directory, that command won’t work.

Luckily the mount command comes in our help, using the option bind  we are able to link the resource (/var/www/myfolder/var) into the user home directory in the folder import.

cd /home/myuser
mount -o bind /var/www/myfolder/var/import import

Please note that if you reboot the server, you will have to re-run this command.

I hope this article will help all of you that are trying to achieve the same with your lovely clients.

If you need that folder to be writable from other users you could use facl:

sudo setfacl -Rm g:user_group:rwx

Related Articles

Web Development
Blog Post Image
16 August, 2023

Laravel from scratch on was EC2

By Vimuth Somarathna

Web Development
Blog Post Image
5 October, 2020

Laravel 5.3 add multi-language functionality

By Luigi Laezza

Web Development
Blog Post Image
5 October, 2020

Mailtrap with symfony, testing emails has never been so easy

By Luigi Laezza

Trending
Blog Post Image
5 October, 2020

Improve your social media strategy with Semrush

By Luigi Laezza

Trending
Blog Post Image
5 October, 2020

On SMASHINGMAGAZINE an introduction to building and sending HTML email for web developers

By Luigi Laezza

Web Development
Blog Post Image
5 October, 2020

Inexpensive stage lamp server with Raspberry PI3 and Ubunto server

By Luigi Laezza

Web Development
Blog Post Image
5 October, 2020

Secure your SSH connection disabling SSH password logins

By Luigi Laezza

Events
Blog Post Image
5 October, 2020

Analizzare tecniche e strumenti per conquistare nuovi clienti e far crescere la tua attività

By Luigi Laezza