Linux shell to restrict sftp users to their home directories?


OpenSSH ≥ 4.8 supports a ChrootDirectory directive.

Add to /etc/sshd_config or /etc/ssh/sshd_config or whatever your setup's global sshd config file is:

    Match user ben_files
            # The following two directives force ben_files to become chrooted
            # and only have sftp available.  No other chroot setup is required.
            ChrootDirectory /var/www/vhosts/mydomain.com/files
            ForceCommand internal-sftp
            # For additional paranoia, disallow all types of port forwardings.
            AllowTcpForwarding no
            GatewayPorts no
            X11Forwarding no
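An added example, not part of the answer above: sshd_config(5) states that every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others, otherwise sshd refuses the session. This sketch walks a path and reports each component that breaks that rule; the function name and the `owner_uid` parameter are assumptions made here so the check can be exercised without root.

```python
import os
import stat
import sys


def chroot_path_problems(path, owner_uid=0):
    """Return (component, reason) pairs that break the ChrootDirectory rule.

    owner_uid is 0 (root) in real use; it is a parameter only so the
    check can be run against test directories by an unprivileged user.
    """
    problems = []
    parts = [p for p in os.path.abspath(path).split(os.sep) if p]
    # Every prefix of the path: /, /var, /var/www, ...
    components = [os.sep] + [
        os.sep + os.path.join(*parts[: i + 1]) for i in range(len(parts))
    ]
    for comp in components:
        try:
            st = os.stat(comp)
        except OSError as exc:
            problems.append((comp, f"cannot stat: {exc.strerror}"))
            break  # nothing below a missing component can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != owner_uid:
            problems.append(
                (comp, f"owned by uid {st.st_uid}, expected {owner_uid}")
            )
        if st.st_mode & 0o022:  # group-write or other-write bit set
            problems.append((comp, "writable by group or others"))
    return problems


if __name__ == "__main__":
    # Default target is the path used in the answer's Match block.
    default = "/var/www/vhosts/mydomain.com/files"
    target = sys.argv[1] if len(sys.argv) > 1 else default
    found = chroot_path_problems(target)
    for comp, reason in found:
        print(f"{comp}: {reason}")
    sys.exit(1 if found else 0)
```

Because the chroot directory itself cannot be writable by the user, uploads need a subdirectory inside it that the user owns.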


You might try setting his shell to /bin/rbash

RESTRICTED SHELL

If bash is started with the name rbash, or the -r option is supplied at invocation, the shell becomes restricted. A restricted shell is used to set up an environment more controlled than the standard shell. It behaves identically to bash with the exception that the following are disallowed or not performed:

   · changing directories with cd

plus more...

Make sure you fully understand what is allowed and disallowed before you use this.


Take a look at rssh. It may already be packaged for your o/s distribution.