Linux Shell将sftp用户限制在其主目录中? [英] Linux shell to restrict sftp users to their home directories?

问题描述

我需要授予SFTP访问服务器上我的Webroot目录中的目录的权限.我已将ben_files设置为用户，并将其主目录设置为

I need to give SFTP access to a directory within my webroot on my server. I've set up ben_files as a user and have set his home directory to

/var/www/vhosts/mydomain.com/files

/var/www/vhosts/mydomain.com/files

如果他使用普通的旧FTP连接就可以了-他只限于该目录，但是要启用SFTP，我必须将他添加到bin/bash shell中，这突然打开了我的整个服务器...

That's all fine if he connects with plain old FTP - he's restricted just to that directory, but to enable SFTP i had to add him to bin/bash shell, which suddenly opens up my entire server...

是否可以给他SFTP访问权限，但又不打开我的所有目录?我真的很希望他只限于他的家;)

Is there a way of giving him SFTP access but without opening up all my directories? I'd really like him restricted to only his home ;)

谢谢！

推荐答案

OpenSSH≥ 4.8支持ChrootDirectory指令.

OpenSSH≥4.8 supports a ChrootDirectory directive.

添加到/etc/sshd_config或/etc/ssh/sshd_config或任何设置的全局sshd配置文件是

Add to /etc/sshd_config or /etc/ssh/sshd_config or whatever your setup's global sshd config file is:

Match user ben_files
        # The following two directives force ben_files to become chrooted
        # and only have sftp available.  No other chroot setup is required.
        ChrootDirectory /var/www/vhosts/mydomain.com/files
        ForceCommand internal-sftp
        # For additional paranoia, disallow all types of port forwardings.
        AllowTcpForwarding no
        GatewayPorts no
        X11Forwarding no

这篇关于Linux Shell将sftp用户限制在其主目录中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！