Adding SFTP-only user to Ubuntu Server

To add an SFTP-only user, make sure your SSH config settings are correct, add a new user and group, and set permissions for the new user. Step-by-step directions follow. Omit sudo if you're logged in as root.

Directions

  1. Edit /etc/ssh/sshd_config and make sure to add the following at the end of the file:

     Match group filetransfer
         ChrootDirectory %h
         X11Forwarding no
         AllowTcpForwarding no
         ForceCommand internal-sftp
    
  2. Restart OpenSSH:

     sudo /etc/init.d/ssh restart
    
  3. Add new group for SFTP-only users:

     sudo addgroup filetransfer
    
  4. Add new user (make sure to switch out username in the following steps to your specified username):

     sudo adduser username
    
  5. Add user to new group and set permissions:

     sudo usermod -G filetransfer username
     sudo chown root:root /home/username
     sudo chmod 755 /home/username
    
  6. Create directories for user and set final permissions:

     cd /home/username
     sudo mkdir folder_1 folder_2
     sudo chown username:username *
    
  7. Use Cyberduck or another SFTP client to connect. Go have a beer.
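
Step 5's `chown root:root` and `chmod 755` matter because sshd refuses a chroot unless every component of the path is a root-owned directory that is not writable by group or others. The check below is an added example, not part of the original gist; it assumes GNU `stat` (as on Ubuntu), and the function names and the script name `check_chroot.sh` are made up for illustration.

```sh
#!/bin/sh
# Added example, not part of the gist. Audits a chroot path the way
# sshd_config(5) describes: every component must be a root-owned
# directory that is not writable by group or others.

# component_ok DIR [OWNER_UID]
# OWNER_UID defaults to 0 (root). It is a parameter only so the check can
# be exercised without root; sshd itself always requires uid 0.
component_ok() {
    co_dir=$1
    co_want=${2:-0}
    [ -d "$co_dir" ] || { echo "FAIL $co_dir: not a directory"; return 1; }
    co_uid=$(stat -c '%u' -- "$co_dir") || return 1
    co_mode=$(stat -c '%a' -- "$co_dir") || return 1
    if [ "$co_uid" != "$co_want" ]; then
        echo "FAIL $co_dir: owner uid $co_uid, expected $co_want"
        return 1
    fi
    # 022 masks the group-write and other-write bits.
    if [ $(( 0$co_mode & 022 )) -ne 0 ]; then
        echo "FAIL $co_dir: mode $co_mode is group/other writable"
        return 1
    fi
    echo "ok   $co_dir (uid $co_uid, mode $co_mode)"
}

# check_chroot PATH
# Checks PATH and each parent directory up to /.
check_chroot() {
    cc_path=$(cd -- "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: not an accessible directory"
        return 1
    }
    cc_rc=0
    while :; do
        component_ok "$cc_path" 0 || cc_rc=1
        [ "$cc_path" = "/" ] && break
        cc_path=$(dirname -- "$cc_path")
    done
    return "$cc_rc"
}

# Usage: sh check_chroot.sh /home/username
if [ "$#" -gt 0 ]; then
    check_chroot "$1"
fi
```

Any `FAIL` line names the directory to fix before the SFTP login will work.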

steve-ross commented Mar 20, 2015

To let users of this group edit the same files that are owned by www-data:

Add www-data to filetransfer group:

    # -a appends; plain -G would replace www-data's other supplementary groups
    usermod -aG filetransfer www-data

    cd ./magento
    chown -R www-data:filetransfer ./
    # set group read/write permissions
    chmod -R g+rw ./
