Opvizor Blog

Configuring SFTP Access for Multiple Users on Debian-based Systems

Written by blog | Mar 3, 2024 2:39:49 PM

In many organizational settings, the need often arises to share a common folder securely over SFTP (SSH File Transfer Protocol) with multiple authenticated users. Consider a scenario where a nightly report is generated, and various departments require access to it promptly the following morning. How can this be efficiently managed, especially on Linux systems?

When configuring users on Linux, each user typically has their own designated directory. However, what if multiple users need access to the same directory? Here's a detailed, step-by-step guide on how to set up such a configuration using Debian-based distributions, including Ubuntu.



In many organizational settings, the need often arises to share a common folder securely over SFTP (SSH File Transfer Protocol) with multiple authenticated users. Consider a scenario where a nightly report is generated, and various departments require access to it promptly the following morning. How can this be efficiently managed, especially on Linux systems?

When configuring users on Linux, each user typically has their own designated directory. However, what if multiple users need access to the same directory? Here's a detailed, step-by-step guide on how to set up such a configuration using Debian-based distributions, including Ubuntu.

Creating User Groups and Directories

Firstly, we need to establish a new group specifically for the users who will be accessing the report:

groupadd reportusrs

Next, create the individual users who will be part of this group:

useradd usr1
useradd usr2

Now, let's create the directory from which users will retrieve their reports. We'll configure it in a way that ensures users have exclusive access to this directory and its subdirectories:

mkdir /reports
chown root.root /reports
chmod 755 /reports
chown usr1.reportusrs /reports/
chmod 775 /reports

Configuring OPENSSH Server

Now, we need to make the necessary adjustments to the OPENSSH server configuration file located at `/etc/ssh/sshd_config`. Add the following lines at the end of the file:

# start reports match block
Match Group reportusrs
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /reports
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

After making these changes, it's essential to restart the OPENSSH service to apply the modifications:

systemctl restart sshd

Testing Permissions

Finally, it's crucial to test the permissions to ensure that everything is set up correctly. Once this is done, you're all set!

By following these steps, you can seamlessly configure SFTP access for multiple authenticated users on Debian-based systems. This setup not only streamlines the process of sharing files securely but also ensures that users have controlled access to the designated directory, promoting efficient collaboration across departments.