I need to set up a file transfer Linux server. All users log in via SFTP using Active Directory credentials.

I want all users, when logged in, to see a single directory, /ftp-storage.

In the /ftp-storage folder will be a number of other project folders, one for each project:

/ftp-storage
  /project1
  /project2

I want all users, when logging in with SFTP, to land in the /ftp-storage folder. Access to the project folders will be limited by the AD groups the users are in, which I can sort out.

I just don't know how to force all users to land in the /ftp-storage folder and not their Linux home directory when logging in with FileZilla.

1 Answer

I found the answer elsewhere. I added the following code to /etc/ssh/sshd_config:

Match group <ad-group>@<domain.com>
ChrootDirectory /ftp-storage
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Where <ad-group> is the name of the group in Active Directory, i.e. (sftp), and <domain.com> is the name of the AD domain.

I then gave the following permissions:

chown root:[email protected] -R /ftp-storage
chown root:[email protected] -R /ftp-storage/project2
chown root:[email protected] -R /ftp-storage/project3

Now when users log in, if they are in the sftp AD group, they land in /ftp-storage and not their home directory, and they can only access the projects that they are a member of in the relevant AD groups.
