How to create a limited ftp account?

August 15, 2014

So, now I have this problem...
I'm able to create a new user and change its home folder to where I want:

adduser --no-create-home username
chown username:username /var/www/html/
usermod --home /var/www/html/ username

But now how can I limit this user to see/write only in its home directory (/var/www/html/) and not go above this directory via ftp? Right now the user is able to see everything. Does anyone have any idea? I was not able to find an answer for this using openssh-sftp. I'm using Ubuntu 14.04, btw.

Thank you!

5 Answers

To limit an SFTP user to their home directory, you can edit /etc/ssh/sshd_config to include:

Match User username
    ChrootDirectory %h
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

Then restart ssh:

service ssh restart 
  • Hello,

    I practised on this question and its answer both to create an sftp user for the /var/www/html/ directory. I created a user account and edited sshd_config as directed above. Then I tried to connect to the server via FileZilla with this account. The server rejected the password and I wasn't able to connect.

    I wonder if there are any additional steps that I missed?

    I really appreciate any help you can provide.

  • Indeed, this doesn't work. I get the same error as @fakeplacebo
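
sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by any other user or group, a rule the question's `chown username:username /var/www/html/` does not satisfy. The script below is an added example, not code from this thread, that checks a path against that rule; it assumes GNU stat, and `REQUIRED_UID` is a hypothetical override for trying it without root.

```sh
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory path.
# sshd_config(5): every component of the path must be a root-owned
# directory that is not writable by any other user or group.
# Assumes GNU stat (as on Ubuntu). REQUIRED_UID is a hypothetical override
# so the check can be tried without root; sshd itself always requires uid 0.
REQUIRED_UID="${REQUIRED_UID:-0}"

# component_ok DIR: return 0 if DIR meets the rule, else 1 (reason on stderr).
component_ok() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory" >&2; return 1
    fi
    info=$(stat -L -c '%u %a' "$dir") || return 1
    uid=${info% *}; mode=${info#* }
    if [ "$uid" -ne "$REQUIRED_UID" ]; then
        echo "FAIL $dir: owner uid $uid, expected $REQUIRED_UID" >&2; return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes $mode octal.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or other-writable" >&2; return 1
    fi
    return 0
}

# check_chroot_path PATH: return 0 only if PATH and every parent up to / pass.
check_chroot_path() {
    path=$1
    case $path in
        /*) ;;
        *) echo "FAIL $path: must be an absolute path" >&2; return 1 ;;
    esac
    rc=0
    while :; do
        component_ok "$path" || rc=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh check_chroot.sh /var/www/html/
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

When a component fails this rule, sshd ends the session at startup with a "bad ownership or modes for chroot directory" message in the server's auth log.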

Were you using the correct port 22 in FileZilla for the new user?

Hey, I read here:

and under step two, you'll find:

sudo nano /etc/vsftpd.conf

By uncommenting the command to chroot_local_user. When this line is set to Yes, all the local users will be jailed within their chroot and will be denied access to any other part of the server.

That way, you make boundaries.

by Etel Sverdlov
Vsftpd is a fast and secure FTP server. Installing an FTP server can assist you with uploading files to your droplet. This tutorial describes how to install and set up vsftpd on Ubuntu 12.04.

Is there any security issue with containing Group users except myself (mr-admin) in sshd_config this way:

Match Group users
ChrootDirectory %h
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp

Match User mr-admin
ChrootDirectory /
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
