Restrict the new user

September 21, 2017 1.3k views
Linux Basics Security Ubuntu 16.04


I want to restrict my newly created user. Only the /home/user section can be accessed. How can I do that?

1 comment
  • I found the answer. For those seeking the same:

    Create a new group

    sudo addgroup exchangefiles

    Create the chroot directory

    sudo mkdir /var/www/GroupFolder/
    sudo chmod g+rx /var/www/GroupFolder/

    Create the group-writable directory

    sudo mkdir -p /var/www/GroupFolder/files/
    sudo chmod g+rwx /var/www/GroupFolder/files/

    Give them both to the new group

    sudo chgrp -R exchangefiles /var/www/GroupFolder/

    After that I went to /etc/ssh/sshd_config and added this at the end of the file

    Match Group exchangefiles
      # Force the connection to use SFTP and chroot to the required directory.
      ForceCommand internal-sftp
      ChrootDirectory /var/www/GroupFolder/
      # Disable tunneling, authentication agent, TCP and X11 forwarding.
      PermitTunnel no
      AllowAgentForwarding no
      AllowTcpForwarding no
      X11Forwarding no

    Now I’m going to add a new user named obama to my group

    sudo adduser --ingroup exchangefiles obama 

    Now everything is completely finished; we need one command to restart ssh again

    sudo service ssh restart

    Notice: the user now can’t do anything outside the files directory. I mean all his files must be in the files folder
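
An added example, not part of the comment above: a pre-flight check for the `ChrootDirectory` used in that `Match` block. sshd rejects the session with "bad ownership or modes for chroot directory" unless every component of the path is owned by root and not writable by group or others; the function names here are made up for this sketch, and GNU `stat` (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: verify that a path is acceptable to sshd as a ChrootDirectory.
# Rule checked: every path component is owned by uid 0 and has neither the
# group-write nor the other-write bit set.

# mode_ok OWNER_UID OCTAL_MODE -> returns 0 if sshd would accept it
mode_ok() {
    [ "$1" -eq 0 ] || return 1          # must be owned by root
    [ $(( 0$2 & 022 )) -eq 0 ]          # 022 = group-write | other-write
}

# check_chroot_path ABSOLUTE_PATH
# returns 0 = all components fine, 1 = at least one bad, 2 = usage/stat error
check_chroot_path() {
    path=$1
    rc=0
    case $path in
        /*) ;;
        *) echo "need an absolute path: $path" >&2; return 2 ;;
    esac
    while :; do
        info=$(stat -c '%u %a' "$path") || return 2
        set -- $info                    # $1 = owner uid, $2 = octal mode
        if mode_ok "$1" "$2"; then
            echo "ok    $path (uid=$1 mode=$2)"
        else
            echo "FAIL  $path (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")         # walk up towards /
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /var/www/GroupFolder
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

The group-writable `files/` directory sits below the chroot, so it is not subject to this rule; only the chroot directory and its parents are.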

1 Answer

Use permission 700 and make sure the folder owner is correct.

  • This is not the answer to the problem. The example user will only be able to read the /home/example folder. It must not access the /
