Unix tools introduced. Today: Readonly SFTP

To create a user (sftp) with read-only access via SFTP to a single directory (/var/sftp_readonly), perform the following steps:

sudo su # become root

useradd sftp # create the new user

passwd sftp # set a password

groupadd sftp_readonly # create a group; the Match block below keys on it

mkdir /var/sftp_readonly # create the directory (created as root, so it is root-owned)

usermod -aG sftp_readonly sftp # append the user to the group (-a keeps any existing supplementary groups)

chmod 755 /var/sftp_readonly/ # readable by others, writable only by root: sshd refuses a ChrootDirectory that is not root-owned or is group/world writable, and this is also what makes the share read-only for the sftp user

cp /etc/ssh/sshd_config ~/sshd_config.bck # back up your sshd config

editor /etc/ssh/sshd_config # edit your sshd_config

Add the following lines to the bottom of /etc/ssh/sshd_config (Match blocks must come after the global settings, so everything below this point applies only to members of the group):

Match Group sftp_readonly
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /var/sftp_readonly/
  ForceCommand internal-sftp

Also make sure that the following line is present in the global section (above any Match block); internal-sftp runs inside sshd and needs no binaries within the chroot:

Subsystem sftp internal-sftp

Reload your ssh service so the new Match block takes effect (reload keeps existing sessions open; if sshd rejects the config it logs the error and keeps the old one):

sudo service ssh reload
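The following is an added example, not part of the original post: a small POSIX sh preflight that checks the conditions sshd enforces before it honours the setup above, so a misconfiguration shows up before the first failed login. It assumes GNU stat (Linux), and the function names, the sample config and the paths in the usage call are all illustrative choices of this example.

```shell
#!/bin/sh
# Preflight checks for a chrooted read-only SFTP group (added example, assumes GNU stat).
# sshd refuses the login with "bad ownership or modes for chroot directory"
# unless the ChrootDirectory (and every parent) is owned by root and not
# group- or world-writable, and it only ever runs internal-sftp for the group
# if the Match block and the Subsystem line are both present.

# Exit 0 when DIR has neither the group-write nor the other-write bit set.
chroot_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    # "0$mode" makes sh parse the digits as octal; 022 = g+w | o+w
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Exit 0 when DIR is owned by uid 0.
chroot_owner_ok() {
    [ "$(stat -c '%u' "$1")" = "0" ]
}

# Exit 0 when DIR and all of its parents would be accepted by sshd.
chroot_path_ok() {
    p=$1
    while [ -n "$p" ] && [ "$p" != "/" ]; do
        chroot_owner_ok "$p" && chroot_mode_ok "$p" || return 1
        p=$(dirname "$p")
    done
    chroot_owner_ok / && chroot_mode_ok /
}

# Exit 0 when CONFIG has "Subsystem sftp internal-sftp" (line-based check).
sftp_subsystem_ok() {
    grep -Eq '^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]+internal-sftp' "$1"
}

# Exit 0 when CONFIG has a "Match Group GROUP" block that sets both
# ChrootDirectory and "ForceCommand internal-sftp". Not a full sshd_config
# parser: it tracks which Match block a line belongs to, nothing more.
sftp_match_ok() {
    awk -v grp="$2" '
        tolower($1) == "match" { inblk = (tolower($2) == "group" && $3 == grp); next }
        inblk && tolower($1) == "chrootdirectory" { chroot = 1 }
        inblk && tolower($1) == "forcecommand" && $2 == "internal-sftp" { force = 1 }
        END { exit !(chroot && force) }
    ' "$1"
}

# Run all checks and report every problem found; exit 0 only if all pass.
# Usage: run_checks /etc/ssh/sshd_config sftp_readonly /var/sftp_readonly
run_checks() {
    config=$1 group=$2 dir=$3 rc=0
    sftp_subsystem_ok "$config" || { echo "missing: Subsystem sftp internal-sftp in $config"; rc=1; }
    sftp_match_ok "$config" "$group" || { echo "missing: Match Group $group with ChrootDirectory and ForceCommand internal-sftp"; rc=1; }
    chroot_path_ok "$dir" || { echo "$dir (or a parent) is not root-owned or is group/world writable"; rc=1; }
    return $rc
}
```

Source the file and call run_checks with your config path, group and chroot directory before reloading sshd; a non-zero exit means at least one of the requirements above is not met, and the message names which one.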
