In this mini tutorial, I will be adding the user kareem to the system, and allow kareem to sftp into a web directory where he can post his web design work, as usual, the steps first, then whatever explanations !<\/p>\n\n\n\n
There are two ways to do this, one to add one user, the other to add a group of users, you can either pick one, or do both !<\/p>\n\n\n\n
The part in common between both solutions<\/p>\n\n\n\n
apt-get install openssh-server\nadduser kareem\nThen enter a new password twice for kareem\n<\/pre>\n\n\n\nThe interesting thing about this sftp user business is that the directory we will specify as the root for the user kareem has to be owned by root ! so go ahead and create the directory \/var\/www\/html\/usr\/kareem, then execute the following commands<\/p>\n\n\n\n
chown root:root \/var\/www\/html\/usr\nchmod 755 \/var\/www\/html\/usr\n\nchown kareem:kareem \/var\/www\/html\/usr\/kareem<\/pre>\n\n\n\nNow, the user kareem owns a directory within his root directory that he can write to, and can not write outside that directory since he does not have the OS permissions, Now, let us add kareem to the list of people who have sftp access but not ssh access.<\/p>\n\n\n\n
Edit \/etc\/ssh\/sshd_config<\/em><\/strong> and append the following to the document<\/p>\n\n\n\n
Match User kareem\nForceCommand internal-sftp\nPasswordAuthentication yes\nChrootDirectory \/var\/www\/html\/usr\nPermitTunnel no\nAllowAgentForwarding no\nAllowTcpForwarding no\nX11Forwarding no\n<\/pre>\n\n\n\nNow, restart the service by executing the following command<\/p>\n\n\n\n
systemctl restart ssh<\/pre>\n\n\n\nYou are done, try connecting with something like winSCP<\/p>\n\n\n\n