These instructions create a directory shared between two or more users. Those users are allowed SFTP access only, not a shell, and are “jailed” (chrooted) to the directory of your choosing.
These examples were done using Ubuntu 22.04 and assume that you are root or using sudo. You are free to change group names and directory names.
Create a group that you will add your SFTP users to.
groupadd groupshare
Create your users.
useradd user1
useradd user2
Add your users to the group you just created.
usermod -aG groupshare user1
usermod -aG groupshare user2
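Create the directories that the users will share and apply permissions.
Note that users will be jailed/limited to the directory /groupshare but will need to upload files to /groupshare/uploads. This is because sshd requires the chroot directory itself to be owned by root and not writable by any other user or group, so the writable location has to be a subdirectory.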
mkdir /groupshare
chown root:root /groupshare
chmod 755 /groupshare
mkdir /groupshare/uploads
chown user1:groupshare /groupshare/uploads
chmod 775 /groupshare/uploads
Add the following block to /etc/ssh/sshd_config.
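This block needs to be added to the end of the file, because a Match block applies to every line that follows it until the next Match line or the end of the file.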
# start groupshare match block
Match Group groupshare
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /groupshare
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
# end groupshare match block
Restart sshd.
systemctl restart sshd
Remember to test your permissions.
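One way to test the chroot side of those permissions before users try to log in, as an added example that is not part of the original instructions: sshd rejects the session if any component of the ChrootDirectory path is not owned by root or is writable by group or others. The function names are hypothetical and the script assumes GNU stat, as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: pre-flight check for a ChrootDirectory path.
# Assumes GNU coreutils stat (stat -c). Function names are hypothetical.

# component_ok UID MODE
# Succeeds only if the owner is root (uid 0) and the octal MODE has
# neither the group-write nor the other-write bit set (mask 022).
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks from DIR up to /, printing every component that sshd would
# reject. Returns 0 if the whole path is acceptable, 1 otherwise.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "no such directory: $1" >&2
        return 1
    }
    rc=0
    while :; do
        uid=$(stat -c %u "$dir")
        mode=$(stat -c %a "$dir")
        if ! component_ok "$uid" "$mode"; then
            echo "BAD  $dir (uid=$uid mode=$mode)" >&2
            rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run against a directory given on the command line, e.g. /groupshare.
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it as `sh check_chroot.sh /groupshare`; it should print nothing and exit 0, while pointing it at /groupshare/uploads should report that directory as BAD, which is expected because it is the writable upload location and not the chroot.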