How to create a limited ftp account?

August 15, 2014 12k views
enzovecchio
By:
enzovecchio

Hello
So, now I have this problem...
I'm able to create a new user and change it's home folder to where I want:

adduser --no-create-home username
chown username:username /var/www/html/
usermod --home /var/www/html/ username

But now how can I limit this user to see/write only in its home directory (/var/www/html/) and not go above this directory via ftp? Right now the user is able to see everything. Anyone has any ideia? I was not able to find an answear for this using openssh-sftp. I'm using ubuntu 14.04, btw.

Thank you!

Log In to Comment
5 Answers
asb MOD August 15, 2014

To limit an SFTP user to their home directory, you can edit /etc/ssh/sshd_config to include:

Match User username
    ChrootDirectory %h
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

Then restart ssh:

service ssh restart
Reply
  • fakeplacebo January 11, 2015

    Hello,

    I practised on this question and it's answer both to create sftp user for /var/www/html/ directory. I created a user account and edited sshd_config as directed above. Than I tried to connect server via Filezilla with this account. Server rejected password and I couldn't be able to connect.

    I wander that if there is any additional steps that I missed?

    I really appreciate any help you can provide.

  • shinamee August 18, 2015

    Indeed, this doesn't work. I get same error as @fakeplacebo

fakeplacebo January 11, 2015
[deleted]
Reply
ryand32 January 24, 2015

where you using the correct port 22 in filezila for the new user?

Reply
bhaktiasnar March 14, 2015

Hey, I read here:
https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-on-ubuntu-12-04

and under step two, you'll find:

sudo nano /etc/vsftpd.conf

By uncommenting command to chrootlocaluser. When this line is set to Yes, all the local users will be jailed within their chroot and will be denied access to any other part of the server.

chroot_local_user=YES

that way, you make boundaries.

How To Set Up vsftpd on Ubuntu 12.04
by Etel Sverdlov
Vsftpd is a fast and secure FTP server. Installing an FTP server can assist you with uploading files to your droplet. This tutorial describes how to install and set up vsftpd on Ubuntu 12.04.
Reply
tjessup July 17, 2015

Is there any security issue with containing Group users except myself (mr-admin) in sshd_config this way:

...
Match Group users
ChrootDirectory %h
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp

Match User mr-admin
ChrootDirectory /
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp

Reply
Have another answer? Share your knowledge.