[root@localhost ~]# groupadd sftpusers
[root@localhost ~]# useradd -s /sbin/nologin -G sftpusers -M prodsftp
[root@localhost ~]# mkdir -p /fwd/filedata
[root@localhost fwd]# chown root:root filedata/
[root@localhost fwd]# ll -h
总用量 0
drwxr-xr-x. 2 root root 6 8月 30 14:34 filedata
[root@localhost fwd]# cd filedata/
[root@localhost filedata]# mkdir prodsftp
[root@localhost filedata]# chgrp prodsftp prodsftp/
[root@SFTP5001 /fwd/filedata]# ll -h
total 4.0K
drwxr-xr-x 3 root prodsftp 4.0K Aug 30 14:12 prodsftp
[root@localhost filedata]# cd prodsftp/
[root@localhost prodsftp]# mkdir prod
[root@localhost prodsftp]# ls
prod
[root@localhost prodsftp]# chown prodsftp:prodsftp prod
[root@localhost prodsftp]# vim /etc/ssh/sshd_config
#Subsystem sftp /usr/libexec/openssh/sftp-server # 这一行注释掉
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Subsystem sftp internal-sftp
# 注意：Match 块应放在 sshd_config 末尾；其后的指令在下一个 Match 或文件结束之前都只对匹配的连接生效
Match Group sftpusers
ChrootDirectory /fwd/filedata/%u
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
# 重启前建议先执行 sshd -t 检查配置语法，避免配置错误导致 sshd 无法启动、远程连接中断
[root@localhost prodsftp]# systemctl restart sshd
[root@localhost prodsftp]# passwd prodsftp ## 示例密码 JTprod@1234，仅作演示；实际环境请交互式设置独立的强密码，不要把密码写进文档或脚本
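目录权限结构：/fwd/filedata 为 root:root（drwxr-xr-x）；/fwd/filedata/prodsftp（即 ChrootDirectory 中 %u 展开后的目录）为 root:prodsftp（drwxr-xr-x）；/fwd/filedata/prodsftp/prod 为 prodsftp:prodsftp。sshd 要求 ChrootDirectory 及其所有上级目录均归 root 所有，且不能被其他用户或组写入，否则登录会被拒绝；因此用户只能在 prod 子目录中写入文件。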
开启 sftp log
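[root@localhost ~]# vim /etc/ssh/sshd_config
# 原文未给出此处的具体修改；按下文 rsyslog 使用的 local5 推断，需为 internal-sftp 指定日志级别和 facility，例如：
# Subsystem sftp internal-sftp -l INFO -f local5
# ForceCommand internal-sftp -l INFO -f local5
# 部分系统上，chroot 内的会话要记录日志还需在 chroot 目录中提供 /dev/log（参见 sftp-server(8)）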
vim /etc/rsyslog.conf
# 在末尾添加这一行
auth,authpriv.*,local5.* /var/log/sftp.log
[root@localhost log]# systemctl restart sshd
[root@localhost log]# systemctl restart rsyslog.service
[root@localhost log]# vim /var/log/sftp.log