Ubuntu: add SFTP only user with access to directory inside another user’s home directory

sftp, ssh, Ubuntu

I have a server with multiple sites hosted in my user directory /home/[user]/public_html/[site directories] and so I have access over SSH/SFTP.

I now have somebody working for me and want them to be able to update the sites but don't want them to have unrestricted access to the server. I basically want to restrict them to SFTP access to the public_html directory in my user home directory whilst still allowing my access to these directories as well.

Is this possible? How can I do this? I don't want to add an FTP client – just using inbuilt SSH.

I am aware it would be better to create multiple home directories but creating one for each site hosted isn't really a feasible short term option.

Thanks

Simon

Best Answer

Yes, it is possible. You have to use the "ChrootDirectory" directive (man sshd_config). If you want to chroot only a specific user and your ssh version has sftp built in:

    Match user the_user_you_want_to_chroot
        ChrootDirectory /home/whatever/%u
        ForceCommand internal-sftp

(Be sure to check the manpage, as it can be different.)
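
The ChrootDirectory setting only works if sshd accepts the path: per sshd_config(5), every component must be a root-owned directory that is not writable by group or others, which a directory under a user-owned home does not satisfy by default. The script below is an added example, not part of the original answer, that checks a candidate path before sshd is reloaded; the function names and the optional UID argument are assumptions of this example.

```sh
#!/bin/sh
# Added example: pre-flight check for a ChrootDirectory value.
# sshd_config(5): every component of the path must be a directory owned by
# root and not writable by group or others, or the chrooted login fails.

# dir_ok DIR [UID]: succeed if DIR is a directory owned by UID and has
# neither the group-write nor the other-write bit set. UID defaults to 0
# (what sshd requires); the parameter is an assumption of this example so
# the check can be tried without root.
dir_ok() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    info=$(ls -ldn -- "$dir" | awk 'NR == 1 { print $1, $3 }')
    mode=${info% *}
    uid=${info#* }
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, need $want_uid"; return 1
    fi
    case $mode in
        d????w*)    echo "FAIL $dir: group-writable ($mode)"; return 1 ;;
        d???????w*) echo "FAIL $dir: world-writable ($mode)"; return 1 ;;
    esac
    echo "ok   $dir ($mode)"
}

# check_chroot_path PATH [UID]: run dir_ok on PATH and each parent up to /.
check_chroot_path() {
    path=$1
    want=${2:-0}
    rc=0
    case $path in
        /*) ;;
        *)  echo "FAIL $path: ChrootDirectory must be an absolute path"; return 1 ;;
    esac
    while :; do
        dir_ok "$path" "$want" || rc=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return "$rc"
}

# Run as: sh check_chroot.sh /home/whatever/the_user_you_want_to_chroot
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Any FAIL line names a directory that has to be changed to root ownership with mode 755 or stricter, or the chroot moved to a path that already meets the rule.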
