Linux: limit SFTP users to a single directory

Source: Internet
Author: User
Tags: chmod, connection reset

1. Create a new user and set a password

> useradd suser

> passwd suser    # enter the password

2. Edit the sshd configuration file

> cd /etc/ssh/

> cp sshd_config sshd_config.back    # backup

> vi sshd_config

Note: the existing Subsystem line must be commented out, otherwise sshd will report an error.

#Subsystem sftp /usr/libexec/openssh/sftp-server

Subsystem sftp internal-sftp

Match User suser
    ChrootDirectory /var/opt/sftp
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

3. Restart the sshd service

> service sshd restart


In fact, by this step I had already successfully limited the SFTP user to a single directory; my requirement was only to allow the test user to access the MNT directory.

4. Create the directory and set permissions

> mkdir /var/opt/sftp

> chown -R root:suser /var/opt/sftp

> chmod -R 750 /var/opt/sftp

Important points:

The directory set as ChrootDirectory, and every parent directory above it, must be owned by root (owner and group root);

For the directory set as ChrootDirectory and every parent directory above it, only the owner may have write permission, so the highest permission that can be set is 755.

Note: because the permission is 755, non-root users cannot write files directly in that directory; you therefore need to create a subdirectory under the directory specified by ChrootDirectory and reset its owner and permissions.

For example:

> chown suser:suser /var/opt/sftp/testdir

> chmod -R 755 /var/opt/sftp/testdir

5. Test

> sftp -oPort=22 sftpuser@192.168.11.180

Problems encountered:

1. Login reports an error: Write failed: Broken pipe, Couldn't read packet: Connection reset by peer

Reason: a permission problem. The directory must be owned by root and belong to the SFTP user's group, with permission 750.

2. Restarting sshd reports an error: Starting sshd: /etc/ssh/sshd_config line 141: subsystem 'SFTP' already defined.

Reason: the original Subsystem line was not commented out, so /etc/ssh/sshd_config contains two Subsystem entries at the same time.
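The "Broken pipe" / "Connection reset by peer" failure in problem 1 is sshd refusing a chroot whose path breaks the ownership and permission rules from step 4. The script below, added here as an example and not part of the original post, walks from the ChrootDirectory up to / and reports every directory that is not root-owned or is group/other writable; it assumes GNU coreutils stat (Linux) and the path /var/opt/sftp is only a usage placeholder.

```shell
#!/bin/sh
# Added example: check a ChrootDirectory and all of its parents against sshd's
# chroot rules (owned by root, no write bit for group or other). Run it as root
# before restarting sshd, so a bad path is found before a user sees
# "Write failed: Broken pipe" / "Connection reset by peer".
# Assumes GNU coreutils stat (%a = octal mode, %u = owner uid).

# entry_ok MODE UID -> succeeds when UID is 0 (root) and the octal MODE has no
# write bit for group or other: 755 and 750 pass, 775 and 757 fail.
entry_ok() {
    mode=$1; uid=$2
    [ "$uid" = "0" ] || return 1
    # keep the last three octal digits; a leading setuid/setgid/sticky digit
    # (e.g. 2755) is ignored. stat %a never prints leading zeros.
    perm=$(printf '%s' "$mode" | sed 's/.*\([0-7][0-7][0-7]\)$/\1/')
    g=$(( (perm / 10) % 10 ))   # group digit
    o=$(( perm % 10 ))          # other digit
    [ $(( g & 2 )) -eq 0 ] && [ $(( o & 2 )) -eq 0 ]
}

# check_chroot_path DIR -> prints one line per offending directory on the way
# up to /, returns 0 if the whole chain is acceptable, 1 otherwise, 2 on error.
check_chroot_path() {
    d=$(readlink -f "$1") || return 2
    bad=0
    while :; do
        info=$(stat -c '%a %u' "$d") || return 2
        set -- $info
        if ! entry_ok "$1" "$2"; then
            echo "$d: mode $1, owner uid $2 (must be root-owned, at most 755)"
            bad=1
        fi
        [ "$d" = "/" ] && break
        d=$(dirname "$d")
    done
    return $bad
}

# usage (path is a placeholder from the post): check_chroot_path /var/opt/sftp
```

A directory such as /tmp (mode 1777) always fails the check, which is the same reason a world-writable chroot path is rejected by sshd.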
