Differences

This shows you the differences between two versions of the page.

--- snippets:security [2025-08-01 05:56] – created malte70
+++ snippets:security [2026-01-20 10:37] (current) – Abschnitt „SFTP-only Benutzer“ hinzugefügt malte70
@@ Line 47: / Line 47: @@
 gpg --output Omas_Butterkuchen.pdf --decrypt Omas_Butterkuchen.pdf.gpg
 </code>
+===== SFTP-only Benutzer für Webspace-Kunden =====
+> Die folgenden Snippets sind eine Ergänzung/Zusammenfassung [[https://malte70.de/blog/sftp-only-chroot/|meines Blog-Posts zu dem Thema]].
+<code bash>
+#
+# Setup an SFTP-only user account
+#
+#
+# Customer config
+#
+cfg_username="web_rolltreppe3"
+cfg_realname="rolltreppe3.de"
+cfg_uid=2103
+cfg_domain="rolltreppe3.de"
+#
+# Generic Config
+#
+cfg_group="www-data"
+cfg_additional_groups="sftponly"
+cfg_home_prefix="/srv/http/"
+cfg_comment_prefix="[WebhostingCustomer] "
+#
+# Add new user
+#
+sudo useradd \
+	--uid $cfg_uid \
+	--comment "${cfg_comment_prefix}${cfg_realname}" \
+	--home-dir "${cfg_home_prefix}${cfg_username}/web" \
+	--gid "${cfg_group}" \
+	--groups "${cfg_additional_groups}" \
+	--shell /bin/false \
+	"${cfg_username}"
+#
+# Directory structure
+#
+sudo mkdir -p "${cfg_home_prefix}${cfg_username}/web"
+sudo mount -o bind \
+	/mnt/nfs.htdocs/${cfg_realname} \
+	${cfg_home_prefix}${cfg_username}/web
+echo "/mnt/nfs.htdocs/${cfg_realname}  ${cfg_home_prefix}${cfg_username}/web  none  defaults,bind  0  0" \
+	| sudo tee --append /etc/fstab
+#
+# Basic setup for the new user
+#
+sudo passwd ${cfg_username}
+new_home=$(getent passwd $cfg_username | cut -d: -f6)
+sudo mkdir "${new_home}/.ssh"
+sudo cp ~/.ssh/id_ed25519.pub "${new_home}/.ssh/authorized_keys"
+sudo chown -R ${cfg_username}:${cfg_group} ${new_home}/.ssh
+sudo chmod 600 ${new_home}/.ssh/authorized_keys
+</code>