groupadd group1
chmod 0755 /test/
useradd -g group1 -d /test/backend/ -M test_backend
usermod -s /sbin/nologin test_backend
passwd test_backend
xxxxxxxx
useradd -g group1 -d /test/api/ -M test_api
usermod -s /sbin/nologin test_api
passwd test_api
xxxxxx
useradd -g group1 -d /test/business/ -M test_business
usermod -s /sbin/nologin test_business
passwd test_business
xxxxxx
vi /etc/ssh/sshd_config
UseDNS no
AddressFamily inet
SyslogFacility AUTHPRIV
PermitRootLogin yes
PasswordAuthentication yes
# override default of no subsystems
# Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match User test_backend
ChrootDirectory /test/backend
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Match User test_api
ChrootDirectory /test/api
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Match User test_business
ChrootDirectory /test/business
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
systemctl restart sshd
这里有几点
1、主目录的所有者必须为root
即 chown root:root /test
2、权限为chmod 755 /test
3、要想让sftp修改子目录,只能创建子目录来设置权限
mkdir /test/api/project01
chown test_api:group1 /test/api/project01
chmod 755 /test/api/project01