How to restrict a user to one folder and not allow them to move out of their folder
I have an Ubuntu server on DigitalOcean and I want to give someone a folder for their domain on my server. My problem is that I don't want that user to see my folders or files or to be able to move out of their folder.
How can I restrict this user to their folder and not allow them to move out and see other files/directories?
chmod is not a good solution because I can't use it for all the folders on my server. I used it before and he can move out of his folder.
Actually, I have no idea about groups because I haven't used them before. Can you just explain to me what the benefit of them is?
I solved my problem this way:
Create a new group
$ sudo addgroup exchangefiles
Create the chroot directory
$ sudo mkdir /var/www/GroupFolder/
$ sudo chmod g+rx /var/www/GroupFolder/
Create the group-writable directory
$ sudo mkdir -p /var/www/GroupFolder/files/
$ sudo chmod g+rwx /var/www/GroupFolder/files/
Give them both to the new group
$ sudo chgrp -R exchangefiles /var/www/GroupFolder/
After that I went to /etc/ssh/sshd_config and added to the end of the file:
Match Group exchangefiles
    # Force the connection to use SFTP and chroot to the required directory.
    ForceCommand internal-sftp
    ChrootDirectory /var/www/GroupFolder/
    # Disable tunneling, authentication agent, TCP and X11 forwarding.
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
Now I'm going to add a new user named obama to my group:
$ sudo adduser --ingroup exchangefiles obama
Now everything is done, so we need to restart the ssh service:
$ sudo service ssh restart
Notice: the user now can't do anything outside the file directory; I mean all his files must be in the file folder.
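sshd refuses a chrooted login when any component of the ChrootDirectory path is not a root-owned directory or is writable by group or others. The script below is an added example, not part of the original answer, that audits a path for those conditions; the name check_chroot.sh and the optional owner-uid and stop-directory arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a ChrootDirectory path.
# sshd requires every component of the path to be a directory owned by root
# and not writable by group or others.

# component_ok DIR OWNER_UID: check a single directory.
component_ok() {
    dir=$1; want_uid=$2
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    # ls -ldn prints: mode string, link count, numeric uid, numeric gid, ...
    set -- $(ls -ldn "$dir")
    perms=$1; uid=$3
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    case $perms in
        ?????w*)    echo "FAIL $dir: group-writable ($perms)"; return 1 ;;
        ????????w*) echo "FAIL $dir: world-writable ($perms)"; return 1 ;;
    esac
    echo "ok   $dir ($perms)"
}

# chroot_path_ok DIR [OWNER_UID] [STOP]: check DIR and each parent up to STOP.
# OWNER_UID (default 0) and STOP (default /) are assumptions added so the
# check can be exercised on a scratch tree; sshd always uses uid 0 and /.
chroot_path_ok() {
    want=${2:-0}; rc=0
    path=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot enter"; return 1; }
    stop=$(cd "${3:-/}" 2>/dev/null && pwd -P) || return 1
    while :; do
        component_ok "$path" "$want" || rc=1
        if [ "$path" = "$stop" ] || [ "$path" = / ]; then break; fi
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh check_chroot.sh /var/www/GroupFolder
if [ "$#" -gt 0 ]; then chroot_path_ok "$@"; fi
```

The writable files/ subdirectory is expected to fail this check on its own; only the chroot directory and its parents have to pass.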