name=Sftp.Chroot author=jrmu ctime=1640844061

!! Users with sftp access without ssh access (for file hosting)

1. Do the one-time setup

[@
$ doas mkdir /var/www/OrangeShare/
$ doas groupadd sftponly
@]

Edit your httpd config to set "/OrangeShare" as the root location.

Add this to sshd_config:

[@
Subsystem sftp internal-sftp
Match Group sftponly
 PasswordAuthentication yes
 ForceCommand internal-sftp
 ChrootDirectory /var/www/OrangeShare/%u
 AllowTcpForwarding no
 AllowAgentForwarding no
 PermitTunnel no
 PermitTTY no
 X11Forwarding no
@]

Save this script for adding a new user as newuser.sh:

[@
#!/bin/ksh
# usage: ksh newuser.sh username
if [ -z "$1" ]; then
	echo "usage: $0 username" >&2
	exit 1
fi
# add user (adduser is interactive; enter the same username at its prompt)
doas adduser
# add user to sftponly group, otherwise they will have full ssh access
doas usermod -g sftponly "$1"
# make user's directory; it stays root-owned because it is the chroot
doas mkdir "/var/www/OrangeShare/$1"
# only pub is owned, and writable, by the user
doas mkdir "/var/www/OrangeShare/$1/pub"
doas chown "$1:$1" "/var/www/OrangeShare/$1/pub"
# set the user's password
doas passwd "$1"
@]

2. For each new user

 $ ksh newuser.sh usernameHere

Then email the user their credentials, from either your personal email or your team email if it has one.

----

Sources:
[@
http://undeadly.org/cgi?action=article&sid=20080220110039
https://man.openbsd.org/sftp-server
https://unix.stackexchange.com/questions/503312/is-it-possible-to-grant-users-sftp-access-without-shell-access-if-yes-how-is-i
@]

!! To change sftp accessed directory from /home/USER to /var/www/htdocs/USER
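sshd only accepts a ChrootDirectory whose every path component is a root-owned directory that no other user or group can write to, which is why the newuser.sh script above leaves /var/www/OrangeShare/USER owned by root and hands only pub to the user. The check below is an added example, not part of the original page; the function name chroot_path_ok and its OWNER and STOP arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# chroot_path_ok DIR [OWNER] [STOP]
#   DIR    directory ChrootDirectory resolves to, e.g. /var/www/OrangeShare/alice
#   OWNER  required owner of every component (default: root)
#   STOP   topmost component to check (default: /); assumption of this
#          example so the check can also be tried on a scratch tree
# Returns 0 when every component from DIR up to STOP is a directory owned
# by OWNER with no group or other write bit. Otherwise prints the first
# offending component on stderr and returns 1.
# Symlinked components are rejected, a choice made here for simplicity.
chroot_path_ok() {
    dir=$1
    owner=${2:-root}
    stop=${3:-/}
    case $dir in
        /*) ;;
        *) echo "not an absolute path: $dir" >&2; return 1 ;;
    esac
    while :; do
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then
            echo "not a real directory: $dir" >&2
            return 1
        fi
        # -prune keeps find on the directory itself, never its contents
        if [ -z "$(find "$dir" -prune -user "$owner" 2>/dev/null)" ]; then
            echo "not owned by $owner: $dir" >&2
            return 1
        fi
        if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group or other writable: $dir" >&2
            return 1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return 0
}
```

Run it as `chroot_path_ok /var/www/OrangeShare/usernameHere` after newuser.sh and before asking the user to log in; a non-zero return names the component to fix.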