Giving SFTP access to a user for a certain directory !

In this mini tutorial, I will be adding the user kareem to the system, and allow kareem to sftp into a web directory where he can post his web design work, as usual, the steps first, then whatever explanations !

There are two ways to do this, one to add one user, the other to add a group of users, you can either pick one, or do both !

The part in common between both solutions

apt-get install openssh-server
adduser kareem
Then enter a new password twice for kareem

The interesting thing about this sftp user business is that the directory we will specify as the root for the user kareem has to be owned by root ! so go ahead and create the directory /var/www/html/usr/kareem, then execute the following commands

chown root:root /var/www/html/usr
chmod 755 /var/www/html/usr

chown kareem:kareem /var/www/html/usr/kareem

Now, the user kareem owns a directory within his root directory that he can write to, and can not write outside that directory since he does not have the OS permissions, Now, let us add kareem to the list of people who have sftp access but not ssh access.

Edit /etc/ssh/sshd_config and append the following to the document

Match User kareem
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www/html/usr
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Now, restart the service by executing the following command

systemctl restart ssh

You are done, try connecting with something like winSCP

Besides winSCP, you can also simply mount the linux filesystem where you have permissions on your windows machine, here are the complete instructions on how to do that

Adding an FTP server and setting up users to access directories

This post is rather old, and everything is secure on the internet these days, so rather than FTP, it is recommended that you setup the new user with SFTP instead (Secure file transfer protocol), SCP is another option, but i have an sftp article ready for you here

So here is a quick guide to setting up a user to have access to a certain directory via FTP

You probably already use a Linux server, you access your files via SFTP or SCP, but you want to give someone access to a certain directory within.

Here is how it is done on a Debian squeeze machine

apt-get install pure-ftpd-common pure-ftpd

Then we need to add a group and default user for our program
groupadd ftpgroup
useradd -g ftpgroup -d /dev/null -s /etc ftpuser

pure-pw useradd test1 -u ftpuser -d /home/ftpusers/test1

pure-pw mkdb

This creates the file mentioned earlier called /etc/pureftpd.pdb, this file houses all information related to your virtual users

pure-pw passwd test1

Once password is set, update the database

pure-pw mkdb

To delete a user

pure-pw userdel test1

pure-pw show test1

Create symlink to add PureDB to authentication methods

cd /etc/pure-ftpd/auth
ln -s ../conf/PureDB 50pure

Disable PAM authentication unless you need it

echo no > /etc/pure-ftpd/conf/PAMAuthentication

Disable UNIX authentication unless you need it

echo no > /etc/pure-ftpd/conf/UnixAuthentication