I want to give my friend access to a single folder on my server.

I created a new user for him, created a new group for him, and chgrp -R'd the folder for him so that he would have access.

I just tried SSHing in as him, and he can see everything on my server. He can see all the directories, cat, and download files. The only thing he can't seem to do is modify or create files.

How can I remove access for him from everything except his home folder and this special folder whose group he is in?


Here's what I've done: I ran nano /etc/ssh/sshd_config and added this to the bottom:

Match group GROUP
    ChrootDirectory /srv/WEBSITE
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

And then ran service ssh restart.

Now I can't log in as my friend using WinSCP.

mpen

1 Answer

You are not very clear on the things your friend is supposed to do in the folder. As you state that www-data should have write rights as well, I assume this is a web data directory. For this, SFTP or scp would be my tools of choice for your friend. This answer explains how to set up both in a chroot environment. If your friend actually has to log in via ssh, you may need to copy some binaries for him to use, or use ln -s to link /usr into the chroot environment.

noleti
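
Added example (not part of the question or the answer): sshd refuses a session when any component of the ChrootDirectory path is not a root-owned directory or is writable by group or others, so that is one cause to rule out when logins fail after adding a Match block like the one in the question. The names chroot_problems and stat_fn belong to this example, and it takes a literal path (no %h or %u tokens).

```python
import os
import stat
import sys
from pathlib import PurePosixPath


def chroot_problems(chroot_dir, stat_fn=os.stat):
    """Return (path, reason) pairs for each path component sshd would reject."""
    target = PurePosixPath(chroot_dir)
    if not target.is_absolute():
        return [(str(target), "path must be absolute")]
    problems = []
    # sshd checks every component from / down to the target, not only the last.
    for comp in list(target.parents)[::-1] + [target]:
        path = str(comp)
        try:
            st = stat_fn(path)
        except OSError as exc:
            problems.append((path, f"cannot stat: {exc.strerror}"))
            break  # deeper components cannot be examined
        if not stat.S_ISDIR(st.st_mode):
            problems.append((path, "not a directory"))
        if st.st_uid != 0:
            problems.append((path, f"owned by uid {st.st_uid}, not root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "writable by group or others"))
    return problems


if __name__ == "__main__":
    # /srv/WEBSITE is the placeholder path used in the question.
    directory = sys.argv[1] if len(sys.argv) > 1 else "/srv/WEBSITE"
    found = chroot_problems(directory)
    for path, reason in found:
        print(f"{path}: {reason}")
    if not found:
        print(f"{directory}: ownership and modes are acceptable for ChrootDirectory")
    sys.exit(1 if found else 0)
```

Any directory the chrooted user needs to write to has to be a subdirectory inside the chroot, since the chroot directory itself must stay root-owned and not group-writable.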