Restrict the new user

Posted September 21, 2017 2.7k views
Linux Basics, Security, Ubuntu 16.04


I want to restrict my newly created user. Only the /home/user section can be accessed. How can I do that?

1 comment
  • I found the answer. For those seeking the same:

    Create a new group

    sudo addgroup exchangefiles

    Create the chroot directory

    sudo mkdir /var/www/GroupFolder/
    sudo chmod g+rx /var/www/GroupFolder/

    Create the group-writable directory

    sudo mkdir -p /var/www/GroupFolder/files/
    sudo chmod g+rwx /var/www/GroupFolder/files/

    Give them both to the new group

    sudo chgrp -R exchangefiles /var/www/GroupFolder/

    After that I went to /etc/ssh/sshd_config and added at the end of the file:

    Match Group exchangefiles
      # Force the connection to use SFTP and chroot to the required directory.
      ForceCommand internal-sftp
      ChrootDirectory /var/www/GroupFolder/
      # Disable tunneling, authentication agent, TCP and X11 forwarding.
      PermitTunnel no
      AllowAgentForwarding no
      AllowTcpForwarding no
      X11Forwarding no

    Now I’m going to add a new user named obama to my group

    sudo adduser --ingroup exchangefiles obama 

    Now everything is completely finished; we need one command to restart ssh again

    sudo service ssh restart

    Notice: the user now can’t do anything outside the file directory; I mean all his files must be in the file folder.
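
An added example, not part of the original comment: a pre-flight check for the ChrootDirectory used above. sshd refuses the chroot unless every directory from the chroot up to / is owned by root and not writable by group or others. The function names and the STOP argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for an sshd
# ChrootDirectory. Every directory from the chroot up to / must be owned by
# root (uid 0) and must not be writable by group or others.

# check_dir DIR [UID] - succeed if DIR is a directory owned by UID (default 0)
# with no group/other write bit set. Uses GNU stat, as shipped on Ubuntu.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"; return 1
    fi
    uid=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $uid, expected $want_uid"; return 1
    fi
    # 0$mode is read as octal; 022 masks the group and other write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or world-writable"; return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot_path DIR [UID] [STOP] - apply check_dir to DIR and each parent
# up to STOP (default /). STOP is a hypothetical helper argument so the walk
# can be tried outside a real root-owned tree.
check_chroot_path() {
    path=$1
    chk_uid=${2:-0}
    stop=${3:-/}
    rc=0
    while :; do
        check_dir "$path" "$chk_uid" || rc=1
        case $path in "$stop"|/|.) break ;; esac
        path=$(dirname "$path")
    done
    return $rc
}

# Run against the directory given on the command line, e.g.
#   sh check_chroot.sh /var/www/GroupFolder/
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

The group-writable files/ subdirectory sits inside the chroot and is deliberately not part of the walk. Running `sudo sshd -t` before the restart also catches syntax errors in the edited sshd_config.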

1 answer

Use permission 700 and make sure the folder owner is correct.