By:
TLod

Restrict the new user

September 21, 2017 264 views
Security Linux Basics Ubuntu 16.04

Hi;

I want to restrict my newly created user. Only the /home/user section can be accessed. How can I do that?

1 comment
  • I found the answer. For those seeking the same;

    Create a new group

    sudo addgroup exchangefiles
    

    Create the chroot directory

    sudo mkdir /var/www/GroupFolder/
    sudo chmod g+rx /var/www/GroupFolder/
    

    Create the group-writable directory

    sudo mkdir -p /var/www/GroupFolder/files/
    sudo chmod g+rwx /var/www/GroupFolder/files/
    

    Give them both to the new group

    sudo chgrp -R exchangefiles /var/www/GroupFolder/
    

    After that I went to /etc/ssh/sshd_config and added the following at the end of the file:

    Match Group exchangefiles
      # Force the connection to use SFTP and chroot to the required directory.
      ForceCommand internal-sftp
      ChrootDirectory /var/www/GroupFolder/
      # Disable tunneling, authentication agent, TCP and X11 forwarding.
      PermitTunnel no
      AllowAgentForwarding no
      AllowTcpForwarding no
      X11Forwarding no
    

    Now I'm going to add a new user named obama to my group

    sudo adduser --ingroup exchangefiles obama 
    

    Now everything is completely finished; we need one command to restart ssh again

    sudo service ssh restart
    

    Note: the user now can't do anything outside the files directory; I mean all his files must be in the files folder
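
A pre-flight check for the chroot setup in the comment above, as an added example that is not part of the original thread: sshd rejects a ChrootDirectory unless every component of its path is owned by root and not writable by group or others, which is why only the inner files/ directory is made group-writable. The function names are hypothetical, and `stat -c` assumes GNU coreutils as on Ubuntu.

```shell
#!/bin/sh
# Added example: verify that a directory is usable as an sshd ChrootDirectory.
# Function names are hypothetical; stat -c assumes GNU coreutils.

# Return 0 if one path component with owner UID $1 and octal mode $2
# (as printed by `stat -c %a`) is acceptable to sshd.
chroot_component_ok() {
    [ "$1" -eq 0 ] || return 1               # must be owned by root
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1   # no group/other write bit
    return 0
}

# Walk from directory $1 up to / and check every component.
# Prints each offending component; returns non-zero if any is found.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "cannot enter: $1"; return 2; }
    rc=0
    while :; do
        # %u = numeric owner UID, %a = octal permission bits
        if meta=$(stat -c '%u %a' "$dir" 2>/dev/null); then
            uid=${meta% *}
            mode=${meta#* }
            if ! chroot_component_ok "$uid" "$mode"; then
                echo "BAD  $dir (uid=$uid mode=$mode)"
                rc=1
            fi
        else
            echo "BAD  $dir (stat failed)"
            rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Check the directory given on the command line, if any.
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Saved under a name of your choice, it is run as `sh check_chroot.sh /var/www/GroupFolder/`. Running `sudo sshd -t` before the restart also catches syntax errors in sshd_config.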

1 Answer

Use permission 700 and make sure the folder owner is correct.

  • This is not the answer to the problem. Example user will only be able to read the /home/example folder. Must not access the /
