In many organizational settings, the need often arises to share a common folder securely over SFTP (SSH File Transfer Protocol) with multiple authenticated users. Consider a scenario where a nightly report is generated, and various departments require access to it promptly the following morning. How can this be efficiently managed, especially on Linux systems?
When configuring users on Linux, each user typically has their own designated directory. However, what if multiple users need access to the same directory? Here's a detailed, step-by-step guide on how to set up such a configuration using Debian-based distributions, including Ubuntu.
In many organizational settings, the need often arises to share a common folder securely over SFTP (SSH File Transfer Protocol) with multiple authenticated users. Consider a scenario where a nightly report is generated, and various departments require access to it promptly the following morning. How can this be efficiently managed, especially on Linux systems?
When configuring users on Linux, each user typically has their own designated directory. However, what if multiple users need access to the same directory? Here's a detailed, step-by-step guide on how to set up such a configuration using Debian-based distributions, including Ubuntu.
Firstly, we need to establish a new group specifically for the users who will be accessing the report:groupadd reportusrs
Next, create the individual users who will be part of this group:useradd usr1
useradd usr2
Now, let's create the directory from which users will retrieve their reports. We'll configure it in a way that ensures users have exclusive access to this directory and its subdirectories:mkdir /reports
chown root.root /reports
chmod 755 /reports
chown usr1.reportusrs /reports/
chmod 775 /reports
Now, we need to make the necessary adjustments to the OPENSSH server configuration file located at `/etc/ssh/sshd_config`. Add the following lines at the end of the file:# start reports match block
Match Group reportusrs
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /reports
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
After making these changes, it's essential to restart the OPENSSH service to apply the modifications:systemctl restart sshd
Finally, it's crucial to test the permissions to ensure that everything is set up correctly. Once this is done, you're all set!
By following these steps, you can seamlessly configure SFTP access for multiple authenticated users on Debian-based systems. This setup not only streamlines the process of sharing files securely but also ensures that users have controlled access to the designated directory, promoting efficient collaboration across departments.