Question

How to create a limited ftp account?

Posted August 15, 2014 13.2k views

Hello
So, now I have this problem…
I’m able to create a new user and change it’s home folder to where I want:

adduser --no-create-home username
chown username:username /var/www/html/
usermod --home /var/www/html/ username

But now how can I limit this user to see/write only in its home directory (/var/www/html/) and not go above this directory via ftp? Right now the user is able to see everything. Anyone has any ideia? I was not able to find an answear for this using openssh-sftp. I’m using ubuntu 14.04, btw.

Thank you!

Add a comment
enzovecchio
By:
enzovecchio
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
4 answers
asb August 15, 2014

To limit an SFTP user to their home directory, you can edit /etc/ssh/sshd_config to include:

Match User username
    ChrootDirectory %h
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

Then restart ssh:

service ssh restart
Reply Report
  • fakeplacebo January 11, 2015

    Hello,

    I practised on this question and it’s answer both to create sftp user for /var/www/html/ directory. I created a user account and edited sshd_config as directed above. Than I tried to connect server via Filezilla with this account. Server rejected password and I couldn’t be able to connect.

    I wander that if there is any additional steps that I missed?

    I really appreciate any help you can provide.

    Reply Report
  • shinamee August 18, 2015

    Indeed, this doesn’t work. I get same error as @fakeplacebo

    Reply Report
fakeplacebo January 11, 2015
[deleted]
Reply Report
ryand32 January 24, 2015

where you using the correct port 22 in filezila for the new user?

Reply Report
bhaktiasnar March 14, 2015

Hey, I read here:
https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-on-ubuntu-12-04

and under step two, you’ll find:

sudo nano /etc/vsftpd.conf

By uncommenting command to chrootlocaluser. When this line is set to Yes, all the local users will be jailed within their chroot and will be denied access to any other part of the server.

chroot_local_user=YES

that way, you make boundaries.

How To Set Up vsftpd on Ubuntu 12.04
by Etel Sverdlov
Vsftpd is a fast and secure FTP server. Installing an FTP server can assist you with uploading files to your droplet. This tutorial describes how to install and set up vsftpd on Ubuntu 12.04.
Reply Report
tjessup July 17, 2015

Is there any security issue with containing Group users except myself (mr-admin) in sshd_config this way:


Match Group users
ChrootDirectory %h
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp

Match User mr-admin
ChrootDirectory /
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp

Reply Report
Submit an Answer

Looking for something else?

Ask a new question Search for more help