To create a user (sftp) with read-only SFTP access to a single directory (/var/sftp_readonly), perform the following steps:
    sudo su                                  # become root
    useradd sftp                             # create new user
    passwd sftp                              # set a password
    groupadd sftp_readonly                   # create a group
    mkdir /var/sftp_readonly                 # create a directory
    usermod -aG sftp_readonly sftp           # add user to group (-a keeps existing groups)
    chmod 755 /var/sftp_readonly/            # allow others to read
    cp /etc/ssh/sshd_config ~/sshd_config.bck  # back up your sshd config
    editor /etc/ssh/sshd_config              # edit your sshd_config
Add the following lines to the bottom of /etc/ssh/sshd_config:
    Match Group sftp_readonly
        X11Forwarding no
        AllowTcpForwarding no
        ChrootDirectory /var/sftp_readonly/
        ForceCommand internal-sftp
Also make sure that the following line is present:
    Subsystem sftp internal-sftp
Reload your ssh service:
    sudo service ssh reload
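
To verify the setup above, the following added example (not part of the original page) checks two things: that every component of the ChrootDirectory path is root-owned and not group- or world-writable, which sshd requires before it will chroot a session, and that the effective settings for the user match the Match block. The function names are hypothetical; it assumes GNU or BusyBox stat and an OpenSSH version where sshd -T -C accepts user= on its own.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# sshd requires every component of the ChrootDirectory path to be a
# root-owned directory that is not writable by group or others.
check_chroot_path() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "no such directory: $1"; return 1; }
    while :; do
        uid=$(stat -c %u "$p")     # numeric owner (GNU/BusyBox stat assumed)
        mode=$(stat -c %a "$p")    # octal permission bits, e.g. 755
        if [ "$uid" -ne 0 ] || [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad ownership or mode: $p (uid=$uid mode=$mode)"
            return 1
        fi
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Reads the output of `sshd -T -C user=NAME` on stdin (keywords are printed
# in lower case) and checks the settings the Match block should enforce.
# $1 is the expected chroot directory.
check_effective_config() {
    awk -v want="$1" '
        function norm(s) { if (length(s) > 1) sub(/\/$/, "", s); return s }
        $1 == "chrootdirectory"    { chroot = $2 }
        $1 == "forcecommand"       { force = $2 }
        $1 == "allowtcpforwarding" { tcp = $2 }
        $1 == "x11forwarding"      { x11 = $2 }
        END {
            if (norm(chroot) != norm(want)) { print "chrootdirectory is " chroot; bad = 1 }
            if (force != "internal-sftp")   { print "forcecommand is " force; bad = 1 }
            if (tcp != "no")                { print "allowtcpforwarding is " tcp; bad = 1 }
            if (x11 != "no")                { print "x11forwarding is " x11; bad = 1 }
            exit bad + 0
        }'
}

# Typical use, as root, before reloading the service:
#   sshd -t                                  # syntax check of sshd_config
#   check_chroot_path /var/sftp_readonly
#   sshd -T -C user=sftp | check_effective_config /var/sftp_readonly/
```

Both functions print the offending item and return non-zero on failure, so they can gate the reload step in a provisioning script.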