Restrict FTP user to a directory
Solution 1
The best way is to use SFTP from SSH and jail the user.
In the file /etc/ssh/sshd_config, make sure this line is uncommented:
Subsystem sftp internal-sftp
Then configure the rule to match a group:
Match group sftponly
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
and lastly manage the users:
# chown root:root /home/user
# usermod -d / user
# adduser user sftponly
Source: http://www.debian-administration.org/articles/590
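Added example (not part of the answer above or of the linked article): sshd refuses a ChrootDirectory unless every component of its path is a root-owned directory that group and others cannot write to, which is what the chown step above takes care of for the home directory. This sh script checks a path against that rule; the function names and the optional UID argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory.
# sshd_config(5) requires every component of the path to be a directory
# owned by root and not writable by group or others.

# check_dir DIR [UID]: check one component. UID defaults to 0 (root); the
# argument is an assumption of this example so it can be tried without root.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    info=$(ls -ldn -- "$dir" | awk '{ print $1, $3; exit }')
    mode=${info% *}
    uid=${info#* }
    rc=0
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        rc=1
    fi
    case $mode in
        ?????w*|????????w*)   # character 6 = group write, 9 = other write
            echo "FAIL $dir: mode $mode is writable by group or others"
            rc=1 ;;
    esac
    return $rc
}

# check_chroot_path DIR [UID]: apply check_dir to DIR and every parent up to /.
check_chroot_path() {
    case $1 in
        /*) path=$1 ;;
        *)  echo "FAIL $1: need an absolute path"; return 2 ;;
    esac
    owner=${2:-0}
    status=0
    while :; do
        check_dir "$path" "$owner" || status=1
        if [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    return $status
}

# Example: sh check_chroot.sh /home/user
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

A non-zero exit status means at least one component would make sshd reject the chroot at login.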
Solution 2
A bit late in the day but it may help others in the future. I installed VSFTPD and edited the configuration file vsftpd.conf so it includes:-
chroot_local_user=YES
allow_writeable_chroot=YES
You need to restart the service after editing:-
service vsftpd restart
The FTP users are restricted to the home directory specified when adding them.
romainberger
Updated on September 18, 2022
Comments
-
romainberger over 1 year
On an Ubuntu 11.04 server, I want to restrict a user to a specific directory (so he can't access the parents' directory) for FTP/ssh. I created the user with adduser username and changed the target directory with usermod -d /home/path/to/directory username. This worked perfectly.
From what I found I have to modify a /etc/ftp/ftpaccess file but the file (and the ftp) directory does not exist. I tried creating it but it didn't change anything. Also I only want to restrict this user and not the others.
Any ideas?
-
elacheche almost 11 years
-
romainberger almost 11 years
The ssh / sftp login works, I just want to restrict the user to a directory
-
reallynice over 9 years
For not affecting the usage of sftp for users that belong to a group other than "sftponly" (i.e. keeping), could I specify the Subsystem command inside the match, leaving the previous configuration unchanged?
-
roaima almost 8 years
Are you saying that /etc/ftpaccess is the correct path to the configuration file? What should this guestuser option look like?
-
grochmal almost 8 years
OP cannot find the ftpaccess file, and that is quite likely since there are several ftp implementations out there. You should outline at least one implementation (preferably several) and tell how to make a distinction between them.
-
Rudresh Dixit over 3 years
Hey one query, if the session is an anonymous one. How can I limit it to a specific directory?