How to create a limited user account for SSH
Solution 1
Just create a normal user, and set its home dir to the desired folder:
useradd -d /share username
If you explicitly do not add this user to the sudoers list, or any special groups, then it will be limited by default. For security purposes you might even want to chroot that user.
Solution 2
File transfer (and sharing) over SSH is usually done using the sftp protocol.
And you can set up OpenSSH to chroot to the user's directory while forcing sftp (no command line allowed), as explained in this how-to.
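A sketch of the setup Solution 2 describes, as an added example that is not part of the original answer or the linked how-to: a constructed sshd_config fragment for the user and directory from Solution 1, and a check that the user's Match block really forces SFTP inside a chroot. The function names and the two forwarding lines are assumptions of this example.

```shell
#!/bin/sh
# Constructed sshd_config fragment (not from the page's how-to).
# "username" and /share are the names used in Solution 1.
sample_config() {
cat <<'EOF'
Match User username
    # sshd refuses the login unless this directory and every parent is
    # owned by root and not writable by group or others, so the user's
    # writable area has to be a subdirectory beneath it.
    ChrootDirectory /share
    # In-process SFTP server: no shell and no binaries needed in the chroot.
    ForceCommand internal-sftp
    # Extra hardening assumed by this example, not mentioned on the page.
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# check_sftp_jail USER
# Reads sshd_config text on stdin. Returns 0 only if the "Match User USER"
# block sets ChrootDirectory, ForceCommand internal-sftp and
# AllowTcpForwarding no. Simplification: the Match line must name exactly
# one user (no pattern lists or additional criteria).
check_sftp_jail() {
    awk -v user="$1" '
        { sub(/#.*/, ""); key = tolower($1) }   # drop comments, keywords are case-insensitive
        key == "match" { inblock = (tolower($2) == "user" && $3 == user); next }
        inblock && key == "chrootdirectory" && $2 != ""                { chroot = 1 }
        inblock && key == "forcecommand" && $2 == "internal-sftp"      { force = 1 }
        inblock && key == "allowtcpforwarding" && tolower($2) == "no"  { nofwd = 1 }
        END { exit !(chroot && force && nofwd) }
    '
}

# Stand-alone demonstration on the constructed fragment.
if sample_config | check_sftp_jail username; then
    echo "username: chrooted, SFTP-only"
else
    echo "username: NOT fully restricted"
fi
```

On a live host, `sshd -T -C user=username` prints the effective settings for that user and is the authoritative check; the parser above only inspects the file text.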
Author: Robin Rodricks
Updated on September 18, 2022
Comments
-
Robin Rodricks over 1 year
I need to create a new user account that should have full access to a single dir within the Linux HDD, unlike the root user that has access to everything. And this account would be used via SSH for file sharing on the network. How do I get started?
-
gertvdijk over 11 years
By default users can read quite a lot of files on Ubuntu systems. When I create a new user, everyone has read-only access to the home directory by default. So without a chroot configuration it's definitely not secure at all in my opinion. See my answer on how to do that.
-
Andrejs Cainikovs about 10 years
@caffinatedmonkey, please explain, I don't really understand your question.