Let me go an extra mile now and share a simple bash script that creates a user, assigns a password, sets a maximum number of files (and allowed size) and allows *just* SFTP access. Here is how you do so from a single command line (I tested this time in Ubuntu / Debian):
    sudo /path/to/addSftpUser.sh 'testUser' 'testPassword'
Here is the script code:
    #!/bin/bash
    #
    # @fileName: addSftpUser.sh:
    # @description: Creates an SFTP user
    # @author: Nestor Urquiza
    # @date: Dec 22, 2010
    #

    #
    # Constants
    #
    ALLOWED_KB=100000
    ALLOWED_FILES=1000

    #
    # Functions
    #
    function usage {
      echo "Usage - $0 user password"
      exit 1
    }

    #
    # Main program
    #
    if [ $# -lt 2 ]
    then
      usage
    fi
    USER=$1
    PASSWORD=$2

    # Create the account with a home directory and no login shell
    useradd -d "/home/$USER" -s /bin/false -m "$USER"
    # Make sftponly the primary group (the group must already exist)
    usermod -g sftponly "$USER"
    # Set the password hash; the script already runs as root, so no nested sudo is needed
    usermod -p "$(mkpasswd "$PASSWORD")" "$USER"
    # The home directory belongs to root and is not writable by the user
    chown root:root "/home/$USER"
    chmod 755 "/home/$USER"
    # The user's own writable directory inside the home
    mkdir "/home/$USER/$USER"
    chown "$USER:$USER" "/home/$USER/$USER"
    chmod 755 "/home/$USER/$USER"

    #Quotas: Feel free to remove if you do not need to limit uploads
    setquota -u "$USER" $ALLOWED_KB $ALLOWED_KB $ALLOWED_FILES $ALLOWED_FILES -a /
You must be sure the user cannot SSH into the box:
    $ ssh testUser@192.168.3.161
    testUser@192.168.3.161's password:
    This service allows sftp connections only.
    Connection to 192.168.0.161 closed.
    $

You also want to be sure the user can use SFTP:

    $ sftp testUser@192.168.3.161
    Connecting to 192.168.3.161...
    testUser@192.168.3.161's password:
    sftp> exit
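The two manual logins above can be complemented by a local audit of what the script set up: the login shell, the root-owned home and the sftponly group. This is an added example, not part of the original post; the function names are hypothetical and it assumes GNU stat and getent, as found on Ubuntu / Debian.

```shell
#!/bin/bash
# Added example, not from the original post. Function names are hypothetical.

# Pass if DIR is owned by OWNER_UID (default 0, root) and is not writable
# by group or others, as the script's chown root:root + chmod 755 intends.
check_jail_dir() {
    local dir="$1" owner_uid="${2:-0}" uid mode
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    uid=$(stat -c %u "$dir")     # GNU stat: numeric owner
    mode=$(stat -c %a "$dir")    # GNU stat: octal permission bits
    [ "$uid" = "$owner_uid" ] || { echo "FAIL: $dir owned by uid $uid"; return 1; }
    # 022 = group-write | other-write; the leading 0 makes $mode octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir mode $mode is group/other writable"; return 1
    fi
    echo "OK: $dir (uid $uid, mode $mode)"
}

# Pass if a passwd(5) line ends in a non-interactive shell.
check_shell() {
    local shell="${1##*:}"
    case "$shell" in
        /bin/false|/usr/sbin/nologin|/sbin/nologin) echo "OK: shell $shell" ;;
        *) echo "FAIL: interactive shell $shell"; return 1 ;;
    esac
}

# Audit a live account: shell, home directory, sftponly membership.
audit_sftp_user() {
    local user="$1" entry home
    entry=$(getent passwd "$user") || { echo "FAIL: no user $user"; return 1; }
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    check_shell "$entry" || return 1
    check_jail_dir "$home" || return 1
    id -nG "$user" | grep -qw sftponly || { echo "FAIL: not in sftponly"; return 1; }
    echo "OK: $user is restricted as the script intends"
}

# Usage (run on the server): audit_sftp_user testUser
```

Running the audit after any later change to the account catches a home directory that has become user-owned or an account that has been given a real shell.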