Linux: configure an SFTP user restricted to a specified directory

1. Environment

Development environment: Windows 10, 64-bit
Server environment: CentOS 7
SSH: OpenSSH_7.4p1

2. Create a new SFTP user

The following commands must be run as root.

1. Create a new user group

A dedicated group makes it easy to add more SFTP users later: the Match Group rule added below applies to every member.

groupadd sftp

2. Add user

useradd -g sftp -s /usr/sbin/nologin fileuser

Note:
-g: the primary group the user belongs to
-s: the login shell; /usr/sbin/nologin refuses interactive SSH logins, so the account can be used only for SFTP
fileuser: the username

Set the password:

 passwd fileuser

3. Create the SFTP directory

1. Create the directory the user will be confined to

mkdir -p /data/ftp/

Note: this directory must be owned by root:root with permission 755; sshd enforces this for every ChrootDirectory path. The reason is explained below.

2. Set folder permissions

chown root:root /data/ftp/
chmod 755 /data/ftp/

4. Modify the configuration file

vim /etc/ssh/sshd_config

Comment out the existing line "Subsystem sftp /usr/lib/openssh/sftp-server" (sshd allows only one active Subsystem sftp directive), then add the following to the end of the file:

Subsystem sftp internal-sftp
Match Group sftp
        ForceCommand internal-sftp
        ChrootDirectory /data/ftp/%u
        #AllowTcpForwarding no
        #X11Forwarding no

Subsystem sftp internal-sftp: the SFTP service uses the internal-sftp server built into sshd instead of the external sftp-server binary.
Match Group sftp: the directives that follow apply only to members of the sftp group. It can also be written as Match User fileuser to target a single user.
ForceCommand internal-sftp: the session is forced to run internal-sftp, whatever command the client asks for.
ChrootDirectory /data/ftp/%u: the user's root directory; %u expands to the current username. The directory named by ChrootDirectory, and every directory above it up to the system root, must be owned by root and must not be writable by anyone else.
AllowTcpForwarding no: disables TCP forwarding.
X11Forwarding no: disables X11 forwarding.

The last two items can be enabled as the situation requires.
Note: for the configuration directives above, refer to https://www.cnblogs.com/convict/p/16411632.html; the original text gives more detailed explanations.

5. Restart the SSH service

systemctl restart sshd

or

service ssh restart

(On CentOS 7 the service is named sshd, so the first form applies there; the second form is the name used on Debian-based systems.)

After the restart succeeds, connect with an SFTP client.

As shown in the figure, after logging in the user sees only the configured directory: the root directory displayed by the client is really the directory specified by ChrootDirectory /data/ftp/%u.
Since that directory itself must stay owned by root, create a working directory owned by fileuser inside it, for example:

mkdir -p /data/ftp/fileuser/work/

Give ownership to the user:

chown fileuser:sftp /data/ftp/fileuser/work/
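The whole procedure above (group, user, root-owned chroot, sshd_config Match block, restart, writable work directory) collected into one script, as an added example that is not part of the original post. It also adds the check a practitioner wants before restarting sshd: a walk from the chroot directory up to / that reports any component not owned by root or writable by group or others, which is exactly the condition behind the "must be root:root, 755" note. The paths and names (fileuser, sftp, /data/ftp, /usr/sbin/nologin, the sshd unit name) are the ones the post uses; editing /etc/ssh/sshd_config in place rather than via an Include file is an assumption based on the post's OpenSSH 7.4, which has no Include directive.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: provision a chrooted, SFTP-only
# account end to end and verify the ChrootDirectory path requirement that
# sshd enforces (every component from / down to the chroot must be owned by
# root and writable by nobody but root).
set -eu

# check_chroot_path DIR
# Walks from DIR up to /, prints one line per violated requirement and
# returns non-zero if any was found. Run it before touching sshd_config, or
# after a failed login, to see why sshd would reject the chroot.
check_chroot_path() {
    local dir rc=0 owner mode
    dir=$(readlink -f "$1")
    while :; do
        owner=$(stat -c '%u' "$dir")
        mode=$(stat -c '%a' "$dir")
        if [ "$owner" != 0 ]; then
            echo "not root-owned: $dir (uid $owner)"; rc=1
        fi
        # mode is octal (755, 2755, 1777 ...); 022 masks the g+w and o+w bits
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/other writable: $dir (mode $mode)"; rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# sftp_match_block GROUP BASE
# Emits the Match section from the post for a whole group, chrooting each
# member into BASE/<username>. Match blocks must come last in sshd_config.
sftp_match_block() {
    cat <<EOF
Match Group $1
        ForceCommand internal-sftp
        ChrootDirectory $2/%u
        AllowTcpForwarding no
        X11Forwarding no
EOF
}

# provision_sftp_user USER GROUP BASE   (run as root on the CentOS 7 host)
provision_sftp_user() {
    local user="$1" group="$2" base="$3" cfg=/etc/ssh/sshd_config
    getent group "$group" >/dev/null || groupadd "$group"
    id "$user" >/dev/null 2>&1 || useradd -g "$group" -s /usr/sbin/nologin "$user"
    # chroot root and its parent: root:root 755; only "work" is user-writable
    install -d -o root -g root -m 755 "$base" "$base/$user"
    install -d -o "$user" -g "$group" -m 755 "$base/$user/work"
    check_chroot_path "$base/$user"     # aborts (set -e) if sshd would reject it
    if ! grep -q "^Match Group $group\b" "$cfg"; then
        cp -p "$cfg" "$cfg.bak"
        # swap the stock external sftp-server for internal-sftp (only one
        # Subsystem sftp line may be active), then append the Match block
        sed -i 's|^Subsystem[[:space:]]\+sftp[[:space:]]\+.*|Subsystem sftp internal-sftp|' "$cfg"
        sftp_match_block "$group" "$base" >>"$cfg"
    fi
    sshd -t                 # syntax check first: a bad config would lock out SSH
    systemctl restart sshd
}

# Usage (as root): provision_sftp_user fileuser sftp /data/ftp
```

check_chroot_path works on any directory tree, so it can also be pointed at an existing chroot when a user gets "Connection closed" on login: a group-writable parent directory somewhere above the chroot is the usual culprit and shows up as one line of output.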

It's done, sprinkle flowers!!!

Original reference: "Linux configures sftp users to access the specified directory" (Program Ape's Blog, CSDN)

Source: blog.csdn.net/qq_39706515/article/details/130574774