how do I restrict an sFTP user to just their home folder?
Today I setup a user for on my Mac specifically for someone to sFTP files to my computer.
I tested the connection on another computer on the network, it worked OK but I quickly realised that after logging in via an FTP client, I could got to the root dir and start to navigate around other folders, getting to other home directories, download photos etc.. all of which I dont want the user to do.
I would like the FTP user to login, and only see their home directory, nothing else.
the root shouldnt show any files for example.
I have tried to lock things down and its a bit better, ensuring that a lot of the folders have owner only permissions, and group write only.
However there are some folders that cannot be locked down by default.
/Applications
For example, any user can read any file in that folder, even if the user is only intended to FTP files.
i have tried changing the group the user belongs to (changing it from 'Staff' to 'Nobody') but it doesnt seem to make a difference.
Hope someone can help me with this please, perhaps there is a better way. I have not used any terminal commands in what I have done, everything has been via the GUI (which I guess should be sufficient).