Jump to content
Aerosol

Restrict Linux user to WWW folder and disable ssh access

Recommended Posts

To be able to restric a Linux user to www folder and disable ssh access, in my example maned user_name, we should proceed some steps:

1) Edit file /etc/ssh/sshd_config and add the next lines


AllowUsers [COLOR="#FF0000"]user_name[/COLOR]

Match User [COLOR="#FF0000"]user_name[/COLOR]
ChrootDirectory /var/www
ForceCommand internal-sftp

2) Edit the file /etc/passwd like in the next example:


[COLOR="#FF0000"]user_name[/COLOR]:1003:1002::/var/www:/bin/false

3) Add user to www-data group using command:


usermod -a -G www-data [COLOR="#FF0000"]user_name[/COLOR]

4) The final step is to restart the ssh service to reload the configuration using one of the next commands:


/etc/init.d/ssh restart

or

service ssh restart

After this steps if we fill try to connect using ssh we will got the next message:


root@kali:/home/razvan1# ssh [COLOR="#FF0000"]user_name[/COLOR]@192.168.1.1
[COLOR="#FF0000"]user_name[/COLOR]@192.168.1.1's password:
This service allows sftp connections only.
Connection to 192.168.1.1 closed.

Author: razvan1@hy

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...