Discovered a freakishly useful Linux application today that I am already installing on some of my virtual machines. It is called scponly, and functionally what it does is give a user account scp/sftp access to a folder location, under a given user's credentials, without actual shell access. Additionally, you can manage the log-in account the same way you do every other account (à la adduser, passwd, chmod, etc.).
Here is a specific example. Pretend you want to set up sftp access to your Apache server (because we all know ftp is terribly insecure). Assuming your web root is located at /var/www (example for Fedora), you would do the following:
- Install scponly (yum install scponly)
- Copy the shell into your allowed system shells (which scponly >> /etc/shells)
- Create a new user (useradd -s /usr/bin/scponly -d /var/www -M sftpUserLogInName)
- Set user password for scp/sftp sessions (passwd sftpUserLogInName)
Now you can log in remotely using standard ssh to make sure your file transfer is secure. Directory listings even work under sftp. Most “quality” ftp clients support sftp (check out fireftp if you use Firefox), so client support is easily available regardless of platform. The best part: when you want to change permissions or modify the account password, you do it with the standard Linux user manager suite, just like every other user on your system.
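
A check to run after the setup steps above, as an added example that is not part of the original post: it lists every account whose login shell is scponly and flags the two easy mistakes, a shell path that never made it into /etc/shells and a home directory that does not exist. The function name, the status labels and every sample account except sftpUserLogInName are assumptions constructed for the example.

```shell
#!/bin/sh
# audit_scponly PASSWD_FILE SHELLS_FILE  (hypothetical helper, added example)
# Prints "<user> <home> <status>" for every account whose shell is scponly.
# status: ok | shell-not-in-shells | home-missing. Returns 1 on any finding.
audit_scponly() {
    passwd_file=$1; shells_file=$2; findings=0
    # passwd fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $shell in
            */scponly) ;;          # restricted account, audit it
            *) continue ;;         # ordinary account, skip
        esac
        if ! grep -qxF -- "$shell" "$shells_file"; then
            status=shell-not-in-shells   # exact path is not listed in the shells file
        elif [ ! -d "$home" ]; then
            status=home-missing          # useradd -M does not create the home
        else
            status=ok
        fi
        [ "$status" = ok ] || findings=1
        printf '%s %s %s\n' "$user" "$home" "$status"
    done < "$passwd_file"
    return "$findings"
}

# Constructed sample data in a temp directory; the real system is not touched.
demo_audit() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/www"
    printf '%s\n' /bin/sh /usr/bin/scponly > "$tmp/shells"
    cat > "$tmp/passwd" <<EOF
root:x:0:0:root:/root:/bin/sh
sftpUserLogInName:x:1001:1001::$tmp/www:/usr/bin/scponly
olduser:x:1002:1002::$tmp/gone:/usr/bin/scponly
typo:x:1003:1003::$tmp/www:/usr/local/bin/scponly
EOF
    demo_rc=0
    audit_scponly "$tmp/passwd" "$tmp/shells" || demo_rc=$?
    rm -rf "$tmp"
    return "$demo_rc"
}

demo_audit || echo "findings above need attention"
# On a live host: audit_scponly /etc/passwd /etc/shells
```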