Hello - I am trying to create an account on my droplet for SFTP usage only, and for which the user (with account <useraccount>)can only access a specific sub folder and its children. My droplet is running Ubuntu 16.04 with a LAMP stack. I have taken the following steps:

• created <useraccount> and given it the home directory to which it will need access;
• assigned <useraccount> to a specific user group <usergroup>;

-set up root ownership for the parent of the home directory and all its parents, as well as 755 permissions;

• set up <useraccount> ownership of the home directory and all the files and directories below it, with 755 permissions.

• Inserted the following at the end of/etc/ssh/sshd_config:

Subsystem sftp internal-sftp
Match USER <useraccount>:<usergroup>
ChrootDirectory <home directory>
PasswordAuthentication yes

ForceCommand internal-sftp

X11Forwarding no
AllowTcpForwarding no
PermitTunnel no
AllowAgentForwarding n

• When I test this account with FileZilla, I can log in via SFTP and FileZilla does go to the correct folder. However, there is no restriction to that folder and its children. Instead, I can navigate to any other folder within the droplet.

• Can someone advise what I may be doing wrong and how I can restrict access to the home directory and its children?

Thanks,

Michael Trotz