How to Restrict a SSH user to access a specific directory ?

From PheonixSolutions
Jump to navigation Jump to search

Introduction

[edit]

In a secure server environment, it's often necessary to restrict user access to specific directories for various reasons such as enforcing security policies or protecting sensitive data. One way to achieve this is by configuring SSH user permissions to limit access to designated directories. This guide outlines the steps to create a user with restricted access to a particular directory on a Linux server.

Prerequisites

[edit]

1. Access to a Linux server with sudo privileges.

2. Basic understanding of Linux commands and file system permissions.

Steps to Restrict SSH User Access to a Specific Directory

[edit]

Login to the Server: Connect to the server using SSH with a user account that has sudo access. 

  $ ssh user@IP

Create a Restricted User:

Create a new user account with the adduser command and specify the home directory as the restricted directory. 

  $ sudo adduser --home /restricted-directory-name new_username

Set Password:

Provide a strong password for the new user when prompted.

Change Ownership:

Modify the ownership of the restricted directory to the newly created user. 

  $ sudo chown new_username:new_username /restricted-directory-name

Edit sudoers File:

Use visudo to edit the sudoers file and specify the commands the user is allowed to run outside the restricted directory. 

  $ sudo visudo

Add the following line under the User privilege specification section: 

  new_username ALL=(ALL:ALL) /path/to/command1, /path/to/command2, /path/to/command3

Replace /path/to/command1, etc., with the actual paths of the commands the user is permitted to execute.

Save and Exit:

Save the changes made to the sudoers file and exit the editor.

Restart SSH Service:

Restart the SSH service to apply the changes. 

  $ sudo systemctl restart sshd

Test User Access:

Verify the restricted user's access by SSH-ing into the server using the new username. 

  $ ssh new_username@IP

The user should only have write access to the specified restricted directory.

Conclusion

[edit]

By following these steps, you can effectively restrict SSH user access to a specific directory on your Linux server. This enhances security by limiting the scope of actions that users can perform, thereby reducing the risk of unauthorized access or accidental data breaches. Remember to regularly review and update user permissions as needed to maintain a secure environment.

Retrieved from "https://wiki.pheonixsolutions.com/index.php?title=How_to_Restrict_a_SSH_user_to_access_a_specific_directory_%3F&oldid=1315"