{"id":4553,"date":"2021-02-17T15:17:35","date_gmt":"2021-02-17T15:17:35","guid":{"rendered":"https:\/\/linuxways.net\/?p=4553"},"modified":"2021-02-17T23:22:37","modified_gmt":"2021-02-17T23:22:37","slug":"how-to-create-sftp-user-with-specified-directory-permissions-in-ubuntu-20-04","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/ubuntu\/how-to-create-sftp-user-with-specified-directory-permissions-in-ubuntu-20-04\/","title":{"rendered":"How to Create SFTP User with Specified Directory Permissions in Ubuntu 20.04"},"content":{"rendered":"

SFTP stands for Secure File Transfer Protocol that we used for secure data transfer to and from your local system. It works over SSH Protocol and hence is considered to be more secure than the simple FTP (File Transfer Protocol). Data transferring is a routine based task of every system administrator and other developers who need to make changes in their code.<\/p>\n

So, in today’s article, we are going to show the detailed steps to configure SFTP Server and create users with their specified directory permissions.<\/p>\n

For the demonstration, we are using the Ubuntu 20.04 LTS for the SFTP setup, but similar steps can be performed in case you are using the RHEL\/CentOS Operating system.<\/p>\n

Prerequisites:<\/h2>\n

Starting from the prerequisites, we need to make sure that we have sudo or root user privileges on the server where we need to create SFTP Users.<\/p>\n

Let’s start by login into the system using ssh for which you can use the Putty or Shell terminal of your Linux Desktop.<\/p>\n

# ssh -i key.pem ubuntu@your_server_ip<\/pre>\n
# sudo -i<\/pre>\n
You can also directly login to your system as well, but make sure to use your own username and credentials.<\/p>\n
Step 1: Creating New SFTP Only User<\/h2>\n
Creating a new user for SFTP is as similar as we do for adding any other general users. But in order to restrict that to be used for SFTP purposes only, we will assign it to no login shell.<\/p>\n
Run the command below to create an SFTP user by specifying its custom home directory.<\/p>\n
# useradd -m -d \/home\/example.com sftp_user<\/pre>\n
Set the password of the newly created user using \u2018passwd\u2019 command as below.<\/p>\n
# passwd sftp_user<\/pre>\n
Make sure to set a complex password for its security. Then assign it a nologin shell by modifying the \u2018passwd\u2019 file as below.<\/p>\n
# vim \/etc\/passwd<\/pre>\n
sftp_user:x:1001:1001::\/home\/example.com:\/usr\/sbin\/nologin<\/pre>\n
Save and close using :wq! To apply changes.<\/p>\n
Step 2: Setup Directory Permissions<\/h2>\n
After creating the new user, we need to set up the right directory permissions and ownership to the user’s directory that we have created in the first step.<\/p>\n
# chmod 755 \/home\/example.com\/<\/pre>\n
# chown root:root \/home\/example.com<\/pre>\n
Step 3: Restrict Directory Access<\/h2>\n
Now we have a new SFTP only user in place, next we need to restrict its directory access to be accessible to its specified home folder that we created.<\/p>\n
In order to do so, we are going to modify the ssh configuration file by adding the following parameters.<\/p>\n
# vim \/etc\/ssh\/sshd_config<\/pre>\n
subsystem sftp internal-sftp\n\nMatch User sftp_user\n\nChrootDirectory %h\n\nAllowTCPForwarding no\n\nX11Forwarding no\n\nPasswordAuthentication yes\n\nForceCommand internal-sftp<\/pre>\n
Before saving the made changes, make sure to add your username against \u2018Match User\u2019 , whereas \u2018%h\u2019 represents the home directory of your newly created user within the restricted environment. This \u2018ChrootDirectory\u2019 will ensure that your SFTP user won\u2019t have access to any other directory.
\nSave the ssh configuration file, verify the syntax if there is an issue and then restart its services and confirm if it’s running using the below commands.<\/p>\n
# ssh -t<\/pre>\n
# systemctl restart sshd<\/pre>\n
# systemctl status sshd<\/pre>\n
<\/p>\n
Here, you can see that first there was an error in the ssh configuration file that we fixed by commenting out the additional entry and restart \u2018sshd service.<\/p>\n
Step 4: Testing SFTP Login<\/h2>\n
At this point, we are ready to use our SFTp user but before that let’s test it to make sure it has only SFTP access by using the ssh command.<\/p>\n
# ssh@xx.xx.xx.xx<\/a><\/pre>\n
Whereas xx needs to be replaced with your own server IP. As a result, you should get the connection failure as shown below.<\/p>\n
<\/p>\n
Step 5: Using SFTP Client<\/h2>\n
There are a couple of SFTP clients available to use for the cross-platform operating system and you can use your favorite one. We are going to test it using FileZilla which is one of the best and most useful FTP\/SFTP clients available to use. You can easily download it from their official link.<\/p>\n
Let’s open it in your system and give the IP address of your SFTP server along with your created username and password.<\/p>\n
<\/p>\n
Upon successful credentials, you will be able to have access to your specified directory only where you can upload or download the data.<\/p>\n
Conclusion:<\/h2>\n
In this article we have covered the detailed steps to setup and new SFTP server by making the ssh configuration changes, adding new users, and assigning the required directory permissions. You can add as many users as you want or simply create a new group and make new users part of that group.<\/p>","protected":false},"excerpt":{"rendered":"
SFTP stands for Secure File Transfer Protocol that we used for secure data transfer to and from your local system. It works over SSH Protocol and hence is…<\/p>","protected":false},"author":14,"featured_media":4558,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[200,199,100],"class_list":["post-4553","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu","tag-directory-permissions","tag-sftp-user","tag-ubuntu-20-04"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/4553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=4553"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/4553\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/4558"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=4553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=4553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=4553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}