TurnKey Linux Virtual Appliance Library

Restrict SFTP User to own home directory

tim.fischbeck's picture

Yesterday I downloaded and installed the TKL File Server appliance.  My plans are to use it solely as an FTP server.  I have created a user named abc (for example).  I am successfully able to log into the server from Filezilla for example and directly into the abc user home directory without issue.  My question is, how can I prevent the abc user from navigating the tree above his home directory (ex. /, /home, etc.)?  I have been researching this for a couple of days, and so far, nothing that I have tried has helped.  I guess it is obvious, but I will admit that I haven't used Linux/Unix in quite some time.

Guest's picture

Same problem here, I can't see

Same problem here, I can't see any .conf of ftp, I don't know which version of ftp server I have indeed!

Jeremy Davis's picture

SFTP is supplied by OpenSSH

And the term for locking users into their home directory is chroot jail. It can be done by configuring OpenSSH. Although it may be easier to limit the user's access to SFTP/SSH and just install another FTP service such as vsftpd or proftpd. If you go that way then you will probably want to check out FTPS (FTP over SSL - as opposed to SFTP which is FTP over SSH) for security.

Have a look at this thread for some links to previous discussion on chroot jails with SFTP and vsftpd. There is also a thread here on proftpd.
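As an added example (not part of the original posts, and not TurnKey's own configuration), here is one way to set up the OpenSSH chroot mentioned above for the thread's example user abc. The function names are hypothetical. The check reflects sshd's documented requirement that every component of the ChrootDirectory path is a root-owned directory not writable by group or other.

```shell
#!/bin/sh
# Added example, not from the thread. "abc" is the thread's example user;
# the function names are hypothetical.

# Print an sshd_config stanza confining one user to an SFTP-only chroot.
# Append it at the end of /etc/ssh/sshd_config, then validate with: sshd -t
sftp_jail_stanza() {
    cat <<EOF
Match User $1
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# dir_ok DIR [UID]: succeed only if DIR is a real directory (not a symlink),
# owned by UID (default 0) and not writable by group or other.
dir_ok() {
    set -- "$1" "${2:-0}" $(ls -ldn -- "$1" 2>/dev/null)
    [ $# -ge 5 ] || return 1           # $3 = mode string, $5 = numeric owner
    case $3 in
        d????w*|d???????w*) return 1 ;;  # group-writable or other-writable
        d*) ;;
        *) return 1 ;;
    esac
    [ "$5" = "$2" ]
}

# chroot_path_ok DIR [UID]: apply dir_ok to DIR and to each parent up to /,
# mirroring the check sshd performs on ChrootDirectory at session start.
chroot_path_ok() {
    case $1 in /*) ;; *) echo "need an absolute path: $1" >&2; return 2 ;; esac
    p=$1
    while :; do
        dir_ok "$p" "${2:-0}" || { echo "bad ownership or mode: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname -- "$p")
    done
}

# Typical use before restarting sshd:
#   chroot_path_ok /home/abc && sftp_jail_stanza abc
```

With `ChrootDirectory %h`, /home/abc itself has to be owned by root, so the user needs a subdirectory that they own inside it for uploads.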
