I need to give SFTP access to a directory within my webroot on my server. I've set up ben_files as a user and have set his home directory to
/var/www/vhosts/mydomain.example/files
That's all fine if he connects with plain old FTP - he's restricted just to that directory, but to enable SFTP I had to add him to bin/bash shell, which suddenly opens up my entire server...
Is there a way of giving him SFTP access but without opening up all my directories? I'd really like him restricted to only his home.
OpenSSH ≥ 4.8 supports a ChrootDirectory directive.
Add to /etc/sshd_config or /etc/ssh/sshd_config or whatever your setup's global sshd config file is:
Match user ben_files
        # The following two directives force ben_files to become chrooted
        # and only have sftp available.  No other chroot setup is required.
        ChrootDirectory /var/www/vhosts/mydomain.example/files
        ForceCommand internal-sftp
        # For additional paranoia, disallow all types of port forwardings.
        AllowTcpForwarding no
        GatewayPorts no
        X11Forwarding no
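
An added example (not part of the answer above, and not OpenSSH code): sshd accepts a ChrootDirectory only if every component of the path is a root-owned directory that is not writable by group or others, so a directory that was handed to the user as an FTP home is rejected at login. This Python check walks the path the same way; the sample stat data and uid 1001 are constructed for illustration.

```python
import os
import stat
import sys
from collections import namedtuple

def path_components(path):
    """'/a/b' -> ['/', '/a', '/a/b']; sshd checks every one of these."""
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    parts = [p for p in path.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def audit_chroot(path, stat_fn=os.stat):
    """Return (component, problem) pairs that make sshd refuse the chroot."""
    problems = []
    for comp in path_components(path):
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append((comp, "cannot stat: %s" % exc))
            continue
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append((comp, "group/other writable (mode %o)" % mode))
    return problems

# Constructed sample (not real server data): the chroot target was chowned
# to the SFTP user (hypothetical uid 1001) with mode 775, as an FTP-style
# home directory typically would be.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")
ROOT_DIR = FakeStat(stat.S_IFDIR | 0o755, 0)
TARGET = "/var/www/vhosts/mydomain.example/files"
SAMPLE = {comp: ROOT_DIR for comp in path_components(TARGET)}
SAMPLE[TARGET] = FakeStat(stat.S_IFDIR | 0o775, 1001)

if __name__ == "__main__":
    # With an argument, audit a real path; otherwise audit the sample.
    if len(sys.argv) > 1:
        found = audit_chroot(sys.argv[1])
    else:
        found = audit_chroot(TARGET, SAMPLE.__getitem__)
    for comp, problem in found:
        print("%s: %s" % (comp, problem))
    sys.exit(1 if found else 0)
```

Because the chroot directory itself must stay root-owned and non-writable, uploads need a subdirectory inside it that ben_files owns.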
You might try setting his shell to /bin/rbash
RESTRICTED SHELL If bash is started with the name rbash, or the -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. It behaves identically to bash with the exception that the following are disallowed or not performed:
· changing directories with cd
plus more...
Make sure you fully understand what is allowed and disallowed before you use this.
Take a look at rssh. It may already be packaged for your o/s distribution.
Use pam_chroot.
Here is a good manual: Chrooted SSH/SFTP Tutorial (Debian Etch)
You can also set the user's shell to /bin/false by using:
usermod -s /bin/false username
Restricts them from ssh'ing in and can only sftp (or ftp, if it's set up)
I use this for sftp users, along with the mentioned chroot setup (covered by other answers).
 
         
                                         
                                         
                                         