1. Create a new user and set a password
> useradd suser
> passwd suser    # enter the password
2. Set up sshd configuration file
> cd /etc/ssh/
> cp sshd_config sshd_config.back    # backup
> vi sshd_config
Note: if the original Subsystem line is not commented out, sshd will fail to start (see problem 2 below).
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match User suser
    ChrootDirectory /var/opt/sftp
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
3. Restart SSHD Service
> service sshd restart
In fact, by this step I had already successfully restricted the SFTP user on Linux to a single directory; my requirement was only to allow the test user to access the MNT directory.
4. Create a directory and set permissions
> mkdir /var/opt/sftp
> chown -R root:suser /var/opt/sftp
> chmod -R 750 /var/opt/sftp
It is important that:
The directory set as ChrootDirectory, and all of its parent directories, must be owned by root (both the owner and the group must be root).
For the directory set as ChrootDirectory, and all of its parent directories, only the owner may have write permission, so the maximum permission that can be set is 755.
Note: because the permission is at most 755 and the owner is root, non-root users cannot write files in that directory. You therefore need to create subdirectories inside the directory specified by ChrootDirectory and then set their owner and permissions.
For example:
> chown suser:suser /var/opt/sftp/testdir
> chmod -R 755 /var/opt/sftp/testdir
5. Test
> sftp -oPort=22 sftpuser@192.168.11.180
Problems:
1. Login fails with: Write failed: Broken pipe, Couldn't read packet: Connection reset by peer
Reason: permission problem. The directory must be owned by root, with the group set to the SFTP user's group, and permission 750.
2. Restarting sshd fails with: Starting sshd: /etc/ssh/sshd_config line 141: Subsystem 'sftp' already defined.
Reason: the original Subsystem line was not commented out, so /etc/ssh/sshd_config contains two Subsystem entries at the same time.