- Launch an EC2 Instance running on Ubuntu Server
- Connect to your EC2 instance using endpoint connect or any other method that works for you
- Update your instance with the command (sudo apt update)
- Install the updates with the command (sudo apt upgrade)
- Install OpenSSH with the command (sudo apt install -y openssh-server)
- Configure SFTP:
Create SFTP Group and User:
- sudo groupadd sftpusers
- sudo adduser sftp-user1
- sudo adduser sftp-user2
- sudo adduser normal-user
- Enter new UNIX password:
- Retype new UNIX password:
Add the users to the group:
sudo usermod -a -G sftpusers sftp-user1
sudo usermod -a -G sftpusers sftp-user2
Create a directory for restricted access:
sudo mkdir -p /var/www/public_ftp
Set the owner of /var/www to root:
sudo chown root:root /var/www
Give root write permissions to the same directory, and give other users only read and execute rights:
sudo chmod 755 /var/www
Now change the ownership of the public_ftp directory that you have just created:
sudo chown sftp-user1:sftpusers /var/www/public_ftp/
$ ls -lrt
total 0
Now (testing not done for user-admin):
Create a user: sftp-admin
And give it permission to modify the whole directory: public_ftp
Create a subdirectory for each user inside the public_ftp directory and set permissions:
Give only user sftp-vk-1 permission to add, modify and delete in subfolder file1 of the public_ftp folder
Give only user sftp-vk-2 permission to add, modify and delete in subfolder file2 of the public_ftp folder
User-Specific Configuration:
Open the SSH server configuration file using nano or vim.
Then paste this at the bottom of the file; you can modify the permissions according to your needs.
Match User sftp-vk-1
ChrootDirectory /var/www/public_ftp/file1
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Match User sftp-vk-2
ChrootDirectory /var/www/public_ftp/file2
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
With this configuration, user sftp-vk-1 has permission to modify subdirectory file1,
and user sftp-vk-2 has permission to modify subdirectory file2.
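sshd only accepts a ChrootDirectory when the directory and every parent up to / is owned by root and not writable by group or others, so a chroot path that passes through a user-owned directory such as the public_ftp directory chowned above makes the SFTP login fail. The script below is an added example, not part of the original page: it checks a path against that rule before sshd is restarted, assuming GNU stat as shipped on Ubuntu; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for sshd ChrootDirectory paths.
# Assumes GNU stat (as on Ubuntu). Function names are hypothetical.

# component_ok UID MODE -> 0 if a path component with this owner uid and
# octal mode (as printed by `stat -c %a`) satisfies sshd's chroot rule.
component_ok() {
    [ "$1" -eq 0 ] || return 1                # must be owned by root
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1    # no group/other write bit
    return 0
}

# check_chroot_path ABSOLUTE_DIR -> 0 if every component from the directory
# up to / passes component_ok, 1 if any fails, 2 if it cannot be examined.
check_chroot_path() {
    ccp_path=$1
    ccp_rc=0
    case $ccp_path in
        /*) ;;
        *) echo "not absolute: $ccp_path" >&2; return 2 ;;
    esac
    [ -d "$ccp_path" ] || { echo "not a directory: $ccp_path" >&2; return 2; }
    while :; do
        ccp_info=$(stat -c '%u %a' -- "$ccp_path") || return 2
        if ! component_ok "${ccp_info% *}" "${ccp_info#* }"; then
            echo "BAD  $ccp_path (uid=${ccp_info% *} mode=${ccp_info#* })"
            ccp_rc=1
        fi
        [ "$ccp_path" = / ] && break
        ccp_path=$(dirname -- "$ccp_path")
    done
    return "$ccp_rc"
}

# Check any directories given on the command line, for example the two
# ChrootDirectory values from the Match blocks above.
if [ "$#" -gt 0 ]; then
    status=0
    for dir in "$@"; do
        check_chroot_path "$dir" && echo "OK   $dir" || status=1
    done
    exit "$status"
fi
```

Each BAD line names a component to fix with chown root:root or chmod go-w; the per-user writable area then has to be a subdirectory inside the chroot rather than the chroot directory itself.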