These are instructions to create a shared directory amongst two or more users. This will only allow those users access to SFTP, but not the shell. They will also be “jailed” to the directory of your choosing.
These examples were done using Ubuntu 22.04 and assume that you are root or using sudo. You are free to change group names and directory names.
Create a group that you will add your SFTP users to.
Create your users.
useradd user1
useradd user2
Add your users to the group you just created.
usermod -aG groupshare user1
usermod -aG groupshare user2
Create the directories and apply permissions that users will share.
Note that users will be jailed/limited to the directory /groupshare but will need to upload files to /groupshare/uploads.
mkdir /groupshare
chown root:root /groupshare
chmod 755 /groupshare
mkdir /groupshare/uploads
chown user1:groupshare /groupshare/uploads
chmod 775 /groupshare/uploads
Add the following block to /etc/ssh/sshd_config.
This block needs to be added to the end of the file.
# start groupshare match block
Match Group groupshare
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /groupshare
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
# end groupshare match block
systemctl restart sshd
Remember to test your permissions.
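One way to act on that reminder, as an added example that is not part of the original instructions: sshd refuses a ChrootDirectory unless every component of its path is a root-owned directory that group and others cannot write to, so this script checks that chain and the group-writable uploads directory. The function names are hypothetical, and it assumes GNU stat (as on Ubuntu) and canonical absolute paths.

```shell
#!/bin/sh
# Added example, not from the original instructions. Function names are
# hypothetical. Assumes GNU stat (Ubuntu) and canonical absolute paths.

# dir_is_safe DIR [UID]: DIR is a directory owned by UID (default 0, root)
# and is not writable by group or others.
dir_is_safe() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    [ "$(stat -c %u "$dir")" = "$want_uid" ] || return 1
    mode=$(stat -c %a "$dir")
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# chroot_chain_is_safe DIR: every component from DIR up to / passes
# dir_is_safe for root, which is what sshd demands of ChrootDirectory.
chroot_chain_is_safe() {
    p=$1
    case $p in /*) ;; *) return 1 ;; esac
    while :; do
        dir_is_safe "$p" 0 || { echo "unsafe chroot component: $p" >&2; return 1; }
        [ "$p" = "/" ] && return 0
        p=$(dirname "$p")
    done
}

# upload_dir_ok DIR GROUP: DIR belongs to GROUP, is group-writable, and is
# not world-writable (the 775 layout used above).
upload_dir_ok() {
    up=$1; want_grp=$2
    [ -d "$up" ] || return 1
    [ "$(stat -c %G "$up")" = "$want_grp" ] || return 1
    upmode=$(stat -c %a "$up")
    [ $(( 0$upmode & 020 )) -ne 0 ] && [ $(( 0$upmode & 002 )) -eq 0 ]
}

# Run the checks against the page's layout only when asked to.
if [ "${1:-}" = "--check" ]; then
    chroot_chain_is_safe /groupshare || exit 1
    upload_dir_ok /groupshare/uploads groupshare || { echo "uploads dir wrong" >&2; exit 1; }
    echo "groupshare layout OK"
fi
```

Run it as root with `--check` after restarting sshd. A failure in the chain check is the same condition sshd logs as "bad ownership or modes for chroot directory" when a login is rejected.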