Blog Post Image
5 October, 2020

Restrict SFTP users to theirs home directory and share folders

Icon

Luigi Laezza

Linux
Share Facebook Share Linkedin Share Linkedin

I often have to share resources with clients,  but allowing them to “play” with the entire file system of the web app, might end up in disaster.

That’s why I decided to write this little guide on how to restrict SFTP users to their home directory and share folders.

RESTRICT SFTP ACCESS TO HOME DIRECTORY
First, we need to modify the sshd_config file which contains all the ssh configurations.

sudo nano /etc/ssh/sshd_config

Make sure the following line is enabled, otherwise add it yourself.

Subsystem sftp internal-sftp  -f AUTH -l VERBOSE

On DigitalOcean I had the following line, which I replaced.

Subsystem sftp /usr/lib/openssh/sftp-server
At the end of the file, add the following, make sure that the /home/myuser folder is owned by root.

This configuration will block the user to ssh connect to the server and restrict her to the home directory myuser.

Match User myuser
       ChrootDirectory /home/myuser
       ForceCommand internal-sftp
       AllowTcpForwarding no
       X11Forwarding no

Now we just need to restart the ssh service

sudo service ssh restart

SHARE RESOURCES.
Normally we would use the ln -s command to do a symlink but when using chroot to restrict access to the home directory, that command won’t work.

Luckily the mount command comes in our help, using the option bind  we are able to link the resource (/var/www/myfolder/var) into the user home directory in the folder import.

cd /home/myuser
mount -o bind /var/www/myfolder/var/import import

Please note that if you reboot the server, you will have to re-run this command.

I hope this article will help all of you that are trying to achieve the same with your lovely clients.

If you need that folder to be writable from other users you could use facl:

sudo setfacl -Rm g:user_group:rwx

Related Articles

Web Development
Blog Post Image
25 April, 2025

Unlocking the Potential of AI with No-Code and Low-Code Platforms framework

By Luigi Laezza

Blog Post Image
10 April, 2025

Integrating Facebook and Instagram APIs with Meta: A Guide to Enhance Your Brand's Social Media Strategy framework

By Luigi Laezza

Blog Post Image
3 April, 2025

Selbstbedienungskassen: Die Zukunft des Einkaufens mit maßgeschneiderter Software framework

By Luigi Laezza

Blog Post Image
31 March, 2025

Mastering Laravel: Your Comprehensive Guide to Web Development framework

By Luigi Laezza

Blog Post Image
28 March, 2025

Introduction to Laravel framework

By Luigi Laezza

Blog Post Image
17 March, 2025

Introduction to Laravel

By Luigi Laezza

Blog Post Image
3 March, 2025

ai agents crypto

By Luigi Laezza

Business
Blog Post Image
28 February, 2025

Unlock the power of Teams Login with SoipoServices!

By Luigi Laezza