Ubuntu – Best way to restrict FTP access to a single directory


I have a VPS running Ubuntu 10.04, and I'd like to give someone SFTP access to a single directory, but prevent them from seeing anything else on the system. What's the best way to pull this off?

I considered removing "everyone" permissions from everything on the system, but that seems like a really blunt tool for this problem (and one that'll cause other issues) – I'm hoping there's a better option here.

Edit: I appreciate the answers! (And I learned a bunch reading/researching through them.) I ended up finding and using this guide from Linode, as it spelled out all the steps: http://library.linode.com/security/sftp-jails/

Best Answer

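The best way is to use FTPS and chroot (vsftpd), or WebDAV with SSL (Apache2, nginx).

Generate a certificate:

# Self-signed cert, key and cert in one PEM file; RSA 2048 because 1024-bit keys are too weak for TLS
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem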

Edit config:

 ssl_enable=YES
 rsa_cert_file=/etc/vsftpd/vsftpd.pem
 chroot_local_user=YES
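
The following is an added example, not part of the original answer: a Python check that a vsftpd.conf using the options above really yields a TLS-protected jail for every local user. It assumes the upstream defaults documented in vsftpd.conf(5); the function names and sample configs are constructed for illustration.

```python
# Added example: audit vsftpd.conf text for the TLS and chroot settings
# discussed in the answer. DEFAULTS are assumed upstream values (vsftpd.conf(5)).
DEFAULTS = {"anonymous_enable": "YES", "ssl_enable": "NO",
            "chroot_local_user": "NO", "chroot_list_enable": "NO",
            "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES"}

def parse_conf(text):
    """Return (settings, findings); vsftpd treats spaces around '=' as an error."""
    settings, findings = dict(DEFAULTS), []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line or comment (comments must start in column 0)
        key, sep, value = raw.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            findings.append(f"line {n}: malformed option line {raw!r}")
            continue  # a rejected line never takes effect, so the default stays
        settings[key] = value
    return settings, findings

def audit(text):
    """List reasons the config is not a TLS-protected jail for all local users."""
    s, findings = parse_conf(text)
    on = lambda key: s[key].upper() in ("YES", "TRUE", "1")
    if on("anonymous_enable"):
        findings.append("anonymous_enable is on")
    if not on("ssl_enable"):
        findings.append("ssl_enable is off: credentials and data go in cleartext")
    else:
        for key in ("force_local_logins_ssl", "force_local_data_ssl"):
            if not on(key):
                findings.append(f"{key} is off: clients may skip TLS")
    if on("chroot_local_user") and on("chroot_list_enable"):
        # With both set, chroot_list_file becomes a list of exemptions.
        findings.append("users in chroot_list_file are NOT jailed")
    elif on("chroot_list_enable"):
        findings.append("only users in chroot_list_file are jailed")
    elif not on("chroot_local_user"):
        findings.append("chroot_local_user is off: users can leave their home")
    return findings

# Constructed sample configs (not taken from a real host).
GOOD = ("anonymous_enable=NO\nssl_enable=YES\n"
        "rsa_cert_file=/etc/vsftpd/vsftpd.pem\nchroot_local_user=YES\n")
RISKY = ("anonymous_enable=NO\nssl_enable=YES\nforce_local_data_ssl=NO\n"
         "chroot_local_user=YES\nchroot_list_enable=YES\n")

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("RISKY", RISKY)):
        print(name, audit(conf) or "ok")
```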