创建不能ssh登录的用户dingli,密码用于sftp登录:
groupadd dingli
useradd -g dingli -s /bin/false dingli
passwd dingli
mkdir /data_share/dingli
usermod -d /data_share/dingli dingli
运行命令编辑文件 sudo vi /etc/ssh/sshd_config
上把Subsystem sftp /usr/lib/openssh/sftp-server 这行注释
并加入:
Subsystem sftp internal-sftp
Match Group dingli
ChrootDirectory /data_share/dingli/
ForceCommand internal-sftp
注意ChrootDirectory设置的目录/data_share/dingli/的所有者必须是root,并且该目录的上级目录data_share的所有者也必须是root.
chown -R root:root /data_share/dingli
chmod 755 /data_share/dingli
mkdir /data_share/dingli/gt_xdr
chown -R dingli:dingli /data_share/dingli/gt_xdr
chmod 755 /data_share/dingli/gt_xdr
service sshd restart