Ssh – Restrict FTP user to a directory

ftpsftpsshUbuntuusers

On a Ubuntu 11.04 server, I want to restrict a user to a specific directory (so he can't access the parents' directory) for FTP/ssh.
I created the user with adduser username and changed the target directory with usermod -d /home/path/to/directory username. This worked perfectly.

From what I found I have to modify a /etc/ftp/ftpaccess file but the file (and the ftp) directory does not exist. I tried creating it but it didn't change anything. Also I only want to restrict this user and not the others.

Any ideas?

Best Answer

The best way, is to use SFTP from SSH and jail the user.

in file: /etc/ssh/sshd_config

make sure this line is uncomented:

Subsystem sftp internal-sftp

Then configure the rule to match a group:

Match group sftponly
         ChrootDirectory /home/%u
         X11Forwarding no
         AllowTcpForwarding no
         ForceCommand internal-sftp

and lastly manage the users:

# chown root.root /home/user
# usermod -d / user
# adduser user sftponly

Source: http://www.debian-administration.org/articles/590

Related Solutions

FTP – Added User with Adduser but Can’t Login Through FTP

Look at your /etc/passwd file Find your user and look shell (example ttr:x:501:501::/home/username/ttr:/sbin/nologin) Add this shell (/bin/false or /sbin/nologin) to your /etc/shell or /etc/shells After that, check your connection

Try again...If it still does not work

Back up the config file before making a change;

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.back

and then edit vsftpd.conf (with vi or nano)

nano /etc/vsftpd.conf

Then make the following change

pam_service_name=ftp

Save your change and restart the ftp server (if you use nano hit CTRL+O & enter to save then CTRL+X to exit)

sudo service vsftpd restart

Best Answer

Related Solutions

FTP – Added User with Adduser but Can’t Login Through FTP

Related Question