CentOS 7: set up SFTP to create users, user groups, and delete users
2022-07-01 19:23:00 【Infinitesimal pawn】
1、 Add a new user and set up the configuration file
# Create the SFTP system user with SSH shell login disabled
useradd -s /sbin/nologin sftp1
# Set or change the password for sftp1
echo "[email protected]" | passwd --stdin sftp1
# Edit sshd_config
vi /etc/ssh/sshd_config
Find the following line and comment it out with the # symbol:
# Subsystem sftp /usr/libexec/openssh/sftp-server
# Add the following lines at the end of the file
Subsystem sftp internal-sftp
# Match the user
Match User sftp1
ChrootDirectory /data/sftp/sftp1
ForceCommand internal-sftp
# The next two lines are optional; comments are kept on their own line so sshd does not read them as part of the value
AllowTcpForwarding no
X11Forwarding no
# Set the chroot directory permissions (required): the user directory, the group directory and the data root directory must be set to 755, no higher, otherwise login may fail with Permission denied
mkdir -p /data/sftp/sftp1
chown root:root /data/sftp/sftp1
# Only the three directories on the chroot path are changed, not everything under /data
chmod 755 /data /data/sftp /data/sftp/sftp1
# Create the upload directory that the SFTP user can write to after logging in
mkdir /data/sftp/sftp1/upload
chown sftp1 /data/sftp/sftp1/upload
# Grant 777 on upload and everything below it, otherwise Permission denied may be reported
# (upload is owned by sftp1, so 755 already lets sftp1 write; 777 also lets every other local account write)
chmod -R 777 /data/sftp/sftp1/upload
# Restart the sshd service:
systemctl restart sshd.service
Finally, log in with FlashFXP using account sftp1 and password [email protected].
2、 Add a user group and a user and set up the configuration file
# Create the user group sftp
groupadd sftp
# Create the new user sftp1 as a member of the sftp group, with no login shell
# (on CentOS adduser is the same program as useradd, so the user is created once)
useradd -G sftp -s /sbin/nologin sftp1
# Set the user password (passwd prompts for it)
passwd sftp1
# Disable shell login for this user
usermod -s /bin/false sftp1
# Edit sshd_config
vi /etc/ssh/sshd_config
Find the following line and comment it out with the # symbol:
# Subsystem sftp /usr/libexec/openssh/sftp-server
# Change the Subsystem sftp line to:
Subsystem sftp internal-sftp
# UsePAM is a global option and is not allowed inside a Match block, so it goes before Match
UsePAM yes
Match Group sftp
# ChrootDirectory sets the user's root directory. %h stands for the user's home directory and %u for the user name; %u is used here, so each user is confined to /data/sftp/<user name>
ChrootDirectory /data/sftp/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
# Set the chroot directory permissions (required): the user directory sftp1, the group directory sftp and the data root directory data must be set to 755, no higher, otherwise login may fail with Permission denied
mkdir -p /data/sftp/sftp1
chown root:root /data/sftp/sftp1
chmod 755 /data /data/sftp /data/sftp/sftp1
# Create the upload directory that the SFTP user can write to after logging in
mkdir /data/sftp/sftp1/upload
chown sftp1 /data/sftp/sftp1/upload
# Grant 777 on upload and everything below it, otherwise Permission denied may be reported
chmod -R 777 /data/sftp/sftp1/upload
# Restart the sshd service:
systemctl restart sshd.service
Finally, log in with FlashFXP using account sftp1 and password [email protected].
3、 Delete the user and re-create the user
# If the user already exists, remove it
userdel sftp1
rm -rf /home/sftp1
rm -rf /var/spool/mail/sftp1
# Create the sftp group and the user sftp1
groupadd sftp
# adduser is the same program as useradd on CentOS, so the user is created once
useradd -G sftp -s /sbin/nologin sftp1
# Set the user password (passwd prompts for it)
passwd sftp1
# Edit the ssh configuration file
vi /etc/ssh/sshd_config
Find the following line and comment it out with the # symbol:
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
UsePAM yes
# Limit the settings below to members of the sftp group, as in section 2; without a Match line they would apply to every account
Match Group sftp
# ChrootDirectory sets the user's root directory. %h stands for the user's home directory and %u for the user name; %u is used here, so each user is confined to /data/sftp/<user name>
ChrootDirectory /data/sftp/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
# Set the chroot directory permissions (required): the user directory, the group directory and the data root directory must be set to 755, no higher, otherwise login may fail with Permission denied
mkdir -p /data/sftp/sftp1
chown root:root /data/sftp/sftp1
chmod 755 /data /data/sftp /data/sftp/sftp1
# Create the upload directory that the SFTP user can write to after logging in
mkdir /data/sftp/sftp1/upload
chown sftp1 /data/sftp/sftp1/upload
# Grant 777 on upload and everything below it, otherwise Permission denied may be reported
chmod -R 777 /data/sftp/sftp1/upload
# Restart ssh
service sshd restart
Finally, log in with FlashFXP using account sftp1 and password [email protected].
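All three sections depend on the same chroot rule: every directory on the ChrootDirectory path must be owned by root and must not be writable by group or others. The script below is an added example, not part of the original post, that checks this before sshd is restarted; it assumes GNU stat and the /data/sftp/sftp1 paths used above.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (as on CentOS).

# chroot_component_ok OWNER_UID OCTAL_MODE
# Succeeds only for a root-owned directory without group- or other-write bits.
chroot_component_ok() {
    [ "$1" = "0" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# audit_chroot_path DIR
# Checks DIR and every parent up to /; prints each failing component.
# Returns 0 if all pass, 1 if any fail, 2 if a component cannot be read.
audit_chroot_path() {
    p=$1
    rc=0
    while :; do
        meta=$(stat -c '%u %a' "$p" 2>/dev/null) || { echo "cannot stat $p"; return 2; }
        uid=${meta% *}
        mode=${meta#* }
        if ! chroot_component_ok "$uid" "$mode"; then
            echo "FAIL $p (uid=$uid mode=$mode)"
            rc=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# audit_upload_dir DIR USER
# The writable directory inside the chroot should belong to the SFTP user.
audit_upload_dir() {
    owner=$(stat -c '%U' "$1" 2>/dev/null) || return 2
    [ "$owner" = "$2" ]
}

# Paths from the post; only checked when they exist on this machine.
if [ -d /data/sftp/sftp1 ]; then
    audit_chroot_path /data/sftp/sftp1 && echo "chroot path OK"
    audit_upload_dir /data/sftp/sftp1/upload sftp1 || echo "upload is not owned by sftp1"
fi
```

Running `sshd -t` before the restart is also worthwhile: it checks sshd_config for errors without touching the running service.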