Linux Shell将sftp用户限制在其主目录中? [英] Linux shell to restrict sftp users to their home directories?
问题描述
我需要授予SFTP访问服务器上我的Webroot目录中的目录的权限.我已将ben_files设置为用户,并将其主目录设置为
I need to give SFTP access to a directory within my webroot on my server. I've set up ben_files as a user and have set his home directory to
/var/www/vhosts/mydomain.com/files
/var/www/vhosts/mydomain.com/files
如果他使用普通的旧FTP连接就可以了-他只限于该目录,但是要启用SFTP,我必须将他添加到bin/bash shell中,这突然打开了我的整个服务器...
That's all fine if he connects with plain old FTP - he's restricted just to that directory, but to enable SFTP i had to add him to bin/bash shell, which suddenly opens up my entire server...
是否可以给他SFTP访问权限,但又不打开我的所有目录?我真的很希望他只限于他的家;)
Is there a way of giving him SFTP access but without opening up all my directories? I'd really like him restricted to only his home ;)
谢谢!
推荐答案
OpenSSH≥ 4.8支持ChrootDirectory
指令.
OpenSSH≥4.8 supports a ChrootDirectory
directive.
添加到/etc/sshd_config
或/etc/ssh/sshd_config
或任何设置的全局sshd
配置文件是
Add to /etc/sshd_config
or /etc/ssh/sshd_config
or whatever your setup's global sshd
config file is:
Match user ben_files
# The following two directives force ben_files to become chrooted
# and only have sftp available. No other chroot setup is required.
ChrootDirectory /var/www/vhosts/mydomain.com/files
ForceCommand internal-sftp
# For additional paranoia, disallow all types of port forwardings.
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
这篇关于Linux Shell将sftp用户限制在其主目录中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!