Limit SFTP user to one directory and disable their SSH (Ubuntu)

This configuration gives a user SFTP access to a single directory (chroot), and prevents them from navigating outside of that directory or opening an SSH shell.

Create the directory that you want the new user to access

mkdir -p /customers/newguy

Create the user and an SFTP group. The second command also sets the user’s home directory to the one we created earlier.

groupadd sftp
useradd -d /customers/newguy newguy
passwd newguy

Add the new user to sftp group and disable their SSH access

usermod -g sftp newguy
usermod -s /bin/false newguy

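Set the proper permissions on their directory. sshd requires the chroot directory and every directory above it to be owned by root and not writable by group or others. Mode 755 meets that requirement and still lets the user enter the directory after login.

chown root:root /customers/newguy
chmod 755 /customers/newguy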

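Limit users in the sftp group to their home directories by pasting the code below at the end of /etc/ssh/sshd_config. A Match block applies to every line after it until the next Match line or the end of the file.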

vi /etc/ssh/sshd_config

Match group sftp
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

The user won’t be able to create anything in their home folder because it is owned by root, so make them another directory and give them permissions to write in it.

mkdir /customers/newguy/myfiles
chown -R newguy:newguy /customers/newguy/myfiles
chmod 750 /customers/newguy/myfiles