DEV Community

Bryan

Posted on • Originally published at devlogbook.com

SFTP Only Access on Laravel Forge Server

Requirements

Let's say you want to create three SFTP-only users:

  1. mainuser : manage other users' folders and files
  2. user01 : can only view/edit own folder and files
  3. user02 : can only view/edit own folder and files

Creating Users and Directories

  1. Create the 3 users

    sudo adduser mainuser
    sudo adduser user01
    sudo adduser user02
    
  2. Create folders for user01 and user02

    sudo mkdir -p /var/sftp/user01/uploads
    sudo mkdir -p /var/sftp/user02/uploads
    
  3. Keep each chroot directory owned by root and writable only by root; other users get read and execute rights only (sshd refuses a ChrootDirectory that is owned by anyone else or writable by group or others)

    sudo chmod 755 /var/sftp/user01
    sudo chmod 755 /var/sftp/user02
    
  4. Change the ownership of each uploads directory to the user you just created

    sudo chown user01:user01 /var/sftp/user01/uploads
    sudo chown user02:user02 /var/sftp/user02/uploads
    
  5. Give mainuser group ownership of /var/sftp so it can view all user folders (the owner stays root, as the chroot requires)

    sudo chown root:mainuser /var/sftp
    

Restricting Access to Directory

Note 1: We create a separate sshd file per user because it is cleaner, and /etc/ssh/sshd_config automatically includes every .conf file in /etc/ssh/sshd_config.d/

Note 2: user01 and user02 land in their own folder on login, but they cannot create folders or files outside the uploads folder, because the chroot directory itself belongs to root

  1. Create mainuser sshd config file

    sudo nano /etc/ssh/sshd_config.d/mainuser.conf
    
  2. Add to the newly created mainuser conf file

    Match User mainuser
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /var/sftp/
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
    
  3. Create user01 sshd config file

    sudo nano /etc/ssh/sshd_config.d/user01.conf
    
  4. Add to the newly created user01 conf file

    Match User user01
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /var/sftp/user01
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
    
  5. Create user02 sshd config file

    sudo nano /etc/ssh/sshd_config.d/user02.conf
    
  6. Add to the newly created user02 conf file

    Match User user02
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /var/sftp/user02
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
    
  7. Restart sshd service

    sudo systemctl restart sshd
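
The following helpers are an added example and not part of the original post: they write the three Match blocks described above into a directory and check the two things sshd is strict about before you restart it, namely that every component of a chroot path is root-owned and not group/other writable, and that each conf file actually carries the Match User, ForceCommand internal-sftp and ChrootDirectory directives. The function names are this example's own, and it assumes GNU coreutils (stat -c).

```shell
#!/bin/sh
# Added example, not from the original post. Helpers that write the three
# Match blocks the post describes and check the two things sshd is strict
# about: each chroot path component is root-owned and not group/other
# writable, and each conf file carries the directives the post relies on.
# Assumes GNU coreutils (stat -c); function names are this example's own.

# Print one Match block in the form the post uses.
# $1 = user name, $2 = chroot directory
sftp_match_block() {
    user="$1"; chroot="$2"
    printf '%s\n' \
        "Match User $user" \
        "    ForceCommand internal-sftp" \
        "    PasswordAuthentication yes" \
        "    ChrootDirectory $chroot" \
        "    PermitTunnel no" \
        "    AllowAgentForwarding no" \
        "    AllowTcpForwarding no" \
        "    X11Forwarding no"
}

# Write the post's three per-user files into a directory.
# $1 = output directory (the post uses /etc/ssh/sshd_config.d)
write_sftp_confs() {
    out="$1"
    sftp_match_block mainuser /var/sftp        > "$out/mainuser.conf"
    sftp_match_block user01   /var/sftp/user01 > "$out/user01.conf"
    sftp_match_block user02   /var/sftp/user02 > "$out/user02.conf"
}

# Verify a conf file has a Match User line for $2, forces internal-sftp and
# sets ChrootDirectory to $3 (trailing slash optional). Returns 0 on success.
check_sftp_conf() {
    file="$1"; user="$2"; chroot="${3%/}"
    grep -Eq "^[[:space:]]*Match[[:space:]]+User[[:space:]]+([^[:space:]]*,)?$user(,|[[:space:]]|$)" "$file" || return 1
    grep -Eq "^[[:space:]]*ForceCommand[[:space:]]+internal-sftp" "$file" || return 1
    grep -Eq "^[[:space:]]*ChrootDirectory[[:space:]]+$chroot/?[[:space:]]*$" "$file" || return 1
    return 0
}

# Check one directory the way sshd checks chroot path components: owner must
# be uid $2 (default 0, root) and the mode must have no group/other write bit.
check_chroot_dir() {
    d="$1"; want_uid="${2:-0}"
    [ -d "$d" ] || { echo "missing directory: $d"; return 1; }
    set -- $(stat -c '%u %a' "$d")   # owner uid, octal mode (GNU stat)
    uid="$1"; mode="$2"
    if [ "$uid" != "$want_uid" ]; then
        echo "wrong owner on $d: uid $uid, want $want_uid"; return 1
    fi
    # last two octal digits are group and other; 2, 3, 6 or 7 means writable
    case "$mode" in
        *[2367][0-7]|*[0-7][2367])
            echo "writable by group or others: $d (mode $mode)"; return 1 ;;
    esac
    return 0
}

# Walk from the chroot directory up to / and report every component that
# would make sshd reject the ChrootDirectory. Returns 1 if any fails.
check_chroot_path() {
    p="${1%/}"; rc=0
    case "$p" in /*) ;; *) echo "chroot path must be absolute: $1"; return 1 ;; esac
    while [ -n "$p" ]; do
        check_chroot_dir "$p" 0 || rc=1
        p="${p%/*}"
    done
    check_chroot_dir / 0 || rc=1
    return $rc
}
```

Source the file, run write_sftp_confs /etc/ssh/sshd_config.d as root, then check_chroot_path /var/sftp/user01 (and the other chroots); sudo sshd -t afterwards lets sshd validate the complete configuration before the restart. One caveat on the layout above: with the uploads directories owned by user01:user01 and mode 755 (the default umask), mainuser can browse and download the other users' files but cannot write into their uploads directories; if it needs write access, grant it through group ownership on the uploads directories rather than by loosening the chroot directories, which must stay root-owned and non-group-writable.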
    

Resource

https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-ubuntu-20-04
