Users with sftp access without ssh access (for file hosting)

1. Do one-time setup

$ doas mkdir /var/www/OrangeShare/
$ doas groupadd sftponly

Edit your httpd config to set "/OrangeShare" as the root location.

Add this to sshd_config

Subsystem       sftp    internal-sftp
Match Group sftponly
  PasswordAuthentication yes
  ForceCommand internal-sftp
  ChrootDirectory /var/www/OrangeShare/%u
  AllowTcpForwarding no
  AllowAgentForwarding    no
  PermitTunnel    no
  PermitTTY       no
  X11Forwarding   no

Save this script for adding a new user as newuser.sh

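#!/bin/ksh
# usage: ksh newuser.sh username
[ -n "$1" ] || { echo "usage: ksh newuser.sh username" >&2; exit 1; }
# add user (adduser is interactive; enter the same username given to this script)
doas adduser
# add user to sftponly group, otherwise they will have full ssh access
doas usermod -g sftponly "$1"
# make user's directory; the chroot itself stays owned by root, which sshd
# requires for ChrootDirectory, so only pub/ is writable by the user
doas mkdir "/var/www/OrangeShare/$1"
doas mkdir "/var/www/OrangeShare/$1/pub"
doas chown "$1:$1" "/var/www/OrangeShare/$1/pub"
# set the user's password
doas passwd "$1"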

2. For each new user

$ ksh newuser.sh usernameHere

Then email the user their credentials, from either your personal email or your team email if it has one.
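
sshd refuses the session unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others. The check below for the layout created above is an added example, not part of the original notes; the function names dir_ok and chroot_ok and the file name checkchroot.sh are made up for illustration.

```shell
#!/bin/sh
# Added example: verify the ownership rule sshd applies to ChrootDirectory.

# dir_ok DIR [UID]: succeed if DIR is a directory owned by UID (default 0)
# and not writable by group or others.
dir_ok() {
    dir=$1 want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    # ls -ldn prints "mode links uid gid ..." with numeric ids
    read -r mode links uid rest <<EOF
$(ls -ldn -- "$dir")
EOF
    [ "$uid" = "$want_uid" ] || return 1
    case $mode in
        d????w*|d???????w*) return 1 ;;  # group- or other-writable
        d*) return 0 ;;
        *)  return 1 ;;  # symlinked components are rejected here for simplicity
    esac
}

# chroot_ok PATH: apply dir_ok (owner root) to PATH and every parent up to /.
chroot_ok() {
    p=$1
    case $p in /*) ;; *) return 1 ;; esac   # must be an absolute path
    while :; do
        dir_ok "$p" 0 || { echo "bad component: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Run directly as: sh checkchroot.sh usernameHere
# (base path is the one used in the setup above)
if [ $# -eq 1 ]; then
    chroot_ok "/var/www/OrangeShare/$1" &&
        echo "chroot for $1 is acceptable to sshd"
fi
```

If a component is reported as bad, fix its owner or mode before the user tries to log in; the pub directory is the only place the user should be able to write.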



To change sftp accessed directory from /home/USER to /var/www/htdocs/USER