I have a 2009 Macbook Pro with El Capitan which I want to share remotely via SFTP.
I made many attempts following many guides, using both the terminal and the graphical process in MacOS Settings, but I did not succeed in restricting a user to its folder.
What I’ve done so far.
In Settings > Users & Group I have created a user1, choosing the Only sharing option, and I have edited the advanced options (see the image attached).
I have created a group externals and I have assigned user1 to it.
I have edited the sshd_config file located in /etc/ssh/
#Subsystem sftp /usr/libexec/sftp-server
Subsystem sftp internal-sftp
Match Group externals
X11Forwarding no
AllowTcpForwarding no
#PermitTTY no
ForceCommand internal-sftp
#ChrootDirectory %h
I have created a folder called user1 in /Users/
sudo mkdir -p /Users/user1
sudo chmod 755 /Users/user1
sudo chown user1:externals /Users/user1
I can connect user1 to the server via SFTP and its working directory is the one in the advanced options, but he is able to navigate the entire filesystem, which I don’t want.
Also, if I activate ChrootDirectory in the sshd_config I’m not able to connect anymore.
I did many other attempts, but it’s useless to explain.
I hope someone can provide me the exact process to restrict user1 to its folder on which he can just create and delete files.
Thank you.
[1]: https://i.stack.imgur.com/eOSR0.jpg
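
An added example, not part of the original post: sshd_config(5) requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by group or others, and sshd refuses the session otherwise. The Python sketch below applies that rule to each path component; the function names, the sample layout and uid 501 are assumptions, constructed to mirror the `chown user1:externals /Users/user1` step above.

```python
import os
import stat
import sys
from pathlib import PurePosixPath
from types import SimpleNamespace

def component_problems(st_mode, st_uid):
    """Apply the per-component chroot rule to one stat result."""
    problems = []
    if not stat.S_ISDIR(st_mode):
        problems.append("not a directory")
    if st_uid != 0:
        problems.append("owned by uid %d, not root" % st_uid)
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems

def audit_chroot(path, stat_fn=os.stat):
    """Check the chroot directory and every parent directory up to /."""
    target = PurePosixPath(path)
    findings = {}
    for comp in [target, *target.parents]:
        st = stat_fn(str(comp))
        problems = component_problems(st.st_mode, st.st_uid)
        if problems:
            findings[str(comp)] = problems
    return findings

# Constructed sample mirroring the post: /Users/user1 is owned by user1
# (uid 501 is an assumed value) with mode 755; / and /Users are root-owned.
SAMPLE = {
    "/": SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=0),
    "/Users": SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=0),
    "/Users/user1": SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=501),
}

def audit_sample():
    """Audit the constructed layout instead of the real filesystem."""
    return audit_chroot("/Users/user1", stat_fn=SAMPLE.__getitem__)

if __name__ == "__main__":
    # With a path argument, audit the real filesystem; otherwise the sample.
    result = audit_chroot(sys.argv[1]) if len(sys.argv) > 1 else audit_sample()
    for comp, problems in result.items():
        print(comp + ": " + "; ".join(problems))
    sys.exit(1 if result else 0)
```

Run with the intended chroot path as its argument; an empty result means the ownership and mode rule is satisfied for every component.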