5.1.5. HOWTO Enable SFTP Restricted Accounts
This section describes the method for restricting an account to SSH File Transfer Protocol (SFTP) access only.
5.1.5.1. Add a User
Create a user account based on the following example.
    user { 'foo':
      uid   => <UID>,
      gid   => <GID>,
      shell => '/usr/libexec/openssh/sftp-server',
    }
5.1.5.2. Modify /etc/shells
To allow your user to use the sftp-server application as a shell, you will need to add the custom shell to useradd::shells in Hiera, as shown below.
    useradd::shells:
      - /usr/libexec/openssh/sftp-server
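
Once both steps have been applied, the result can be checked on the host: the account's login shell must be the sftp-server path, and that path must be listed in /etc/shells. The script below is an added example, not part of the original page; the function names, return codes, the account bar and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm both steps of this HOWTO took effect for an account.
SFTP_SHELL='/usr/libexec/openssh/sftp-server'   # shell path used on this page

# Print the login shell (7th passwd field) of user $1 found in passwd file $2.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; hit = 1 } END { exit !hit }' "$2"
}

# Succeed when path $1 is an entry in shells file $2. Comparing the whole
# first field means commented-out or partial paths do not count.
shell_listed() {
    awk -v s="$1" '$1 == s { hit = 1 } END { exit !hit }' "$2"
}

# check_sftp_account USER [PASSWD_FILE] [SHELLS_FILE]
# Returns 0 = restricted as described, 1 = other login shell,
#         2 = shell missing from the shells file, 3 = no such account.
check_sftp_account() {
    user=$1; passwd=${2:-/etc/passwd}; shells=${3:-/etc/shells}
    if ! shell=$(login_shell "$user" "$passwd"); then
        echo "FAIL $user: no such account in $passwd"; return 3
    fi
    if [ "$shell" != "$SFTP_SHELL" ]; then
        echo "FAIL $user: login shell is '$shell', expected $SFTP_SHELL"; return 1
    fi
    if ! shell_listed "$SFTP_SHELL" "$shells"; then
        echo "FAIL $user: $SFTP_SHELL is not listed in $shells"; return 2
    fi
    echo "OK   $user: SFTP-only shell set and listed in $shells"
}

# Constructed sample data (not from a real host) so the check runs offline.
make_samples() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'foo:x:1001:1001::/home/foo:/usr/libexec/openssh/sftp-server' \
        'bar:x:1002:1002::/home/bar:/bin/bash' > "$dir/passwd"
    printf '%s\n' '/bin/sh' '/bin/bash' \
        '/usr/libexec/openssh/sftp-server' > "$dir/shells"
    printf '%s\n' '/bin/sh' '# /usr/libexec/openssh/sftp-server' > "$dir/shells.stale"
    echo "$dir"
}

samples=$(make_samples)
check_sftp_account foo "$samples/passwd" "$samples/shells"
check_sftp_account bar "$samples/passwd" "$samples/shells" || true
check_sftp_account foo "$samples/passwd" "$samples/shells.stale" || true
rm -rf "$samples"
```

On a live system, call check_sftp_account with only the user name so that it reads /etc/passwd and /etc/shells.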