Setup sftp user

List a user's groups:
# groups username

# adduser username -g sftp -s /sbin/nologin
# passwd username

In general, to add a new group:

# groupadd group

In general, to add a user to a group (-a appends; without it, -G replaces the user's existing supplementary groups):

# usermod -aG group username

List the groups and their users:
# cat /etc/group

Open the /etc/ssh/sshd_config configuration file and add the following lines:

Subsystem sftp internal-sftp

Match Group sftp
   ChrootDirectory /home/%u
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTcpForwarding no

# systemctl restart sshd
OR
# service sshd restart

Then check the user's home directory permissions:
# ls /home/ -ltra
If needed, run this:
# chmod 755 /home/username/
# chown root:sftp /home/username/ -Rf
# chown username:sftp /home/username/basedir
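
sshd refuses a chrooted login unless every directory on the ChrootDirectory path is owned by root and not writable by group or others, which is what the chmod and chown commands above arrange. The script below is an added example, not part of the original post, that checks each path component for that condition. The function names and the optional OWNER_UID and TOP arguments are assumptions made for illustration, and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example: audit a ChrootDirectory the way sshd checks it at login.
# Assumes GNU stat (Linux). Function names are made up for this example.

# check_dir DIR [OWNER_UID]
# Pass only if DIR is a directory owned by OWNER_UID (default 0 = root)
# and carries no group-write or other-write bit.
check_dir() {
    local dir="$1" want_uid="${2:-0}" uid mode
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"; return 1
    fi
    uid=$(stat -c %u "$dir")
    mode=$(stat -c %a "$dir")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    # Leading 0 makes the mode octal; 022 = group-write | other-write.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is writable by group or others"; return 1
    fi
    echo "OK   $dir (uid $uid, mode $mode)"
}

# check_chroot_path DIR [OWNER_UID] [TOP]
# Every component from DIR up to TOP (default /) must pass check_dir.
# OWNER_UID and TOP exist so the check can be tried on a scratch tree.
check_chroot_path() {
    local path want_uid="${2:-0}" top="${3:-/}" rc=0
    path=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: cannot resolve"; return 1
    }
    while :; do
        check_dir "$path" "$want_uid" || rc=1
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    return "$rc"
}

# Run as: bash check_chroot.sh /home/username
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

The writable basedir inside the chroot is deliberately not checked: only the chroot directory and its parents have to meet the root-owned, non-writable rule.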

I had this error when I tried to create a folder in basedir:
mkdir /New directory: permission denied

After googling a lot I found this here (Thanks):
# setsebool -P ssh_chroot_rw_homedirs on
# restorecon -R /home/username
After this, sftp works as expected, even when chrooted, without having to disable SELinux completely.
