I want to give my friend access to a single folder on my server.
I created a new user for him, created a new group for him, and chgrp -R'd the folder for him so that he would have access.
I just tried SSHing in as him, and he can see everything on my server. He can see all the directories, cat, and download files. The only thing he can't seem to do is modify or create files.
How can I remove access for him from everything except his home folder and this special folder whose group he is in?
Here's what I've done: I ran nano /etc/ssh/sshd_config and added this to the bottom:
Match group GROUP
ChrootDirectory /srv/WEBSITE
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
And then ran service ssh restart.
Now I can't log in as my friend using WinSCP.
You are not very clear on the things your friend is supposed to do in the folder. As you state that www-data should have write rights as well, I assume this is a web data directory. For this, sFTP or scp would be my tools of choice for your friend. This answer explains how to set up both in a chroot environment. If your friend actually has to log in via ssh, you may need to copy some binaries for him to use, or use ln -s to link /usr into the chroot environment.
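One thing to check when logins fail after adding ChrootDirectory, as an added example that is not part of the question or the answer: sshd_config(5) requires every component of the chroot path to be a root-owned directory that is not writable by any other user or group. The script below audits a path against that rule; it assumes a Linux stat that supports -c, and /srv/WEBSITE is the question's placeholder.

```shell
#!/bin/sh
# Added example (not from the post). Assumes stat with -c, as on Linux.
# sshd_config(5): every component of the ChrootDirectory path must be a
# root-owned directory that is not writable by any other user or group.

# perms_ok UID MODE: succeed only for owner uid 0 with no group/other write.
perms_ok() {
    [ "$1" -eq 0 ] || return 1
    # MODE is octal as printed by stat %a (e.g. 755, 1777); mask with 022.
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: audit DIR and each parent up to /.
# Returns 0 if all pass, 1 if any component fails, 2 if DIR is unusable.
check_chroot_path() {
    dir=$(cd -- "$1" 2>/dev/null && pwd -P) || return 2
    status=0
    while :; do
        info=$(stat -c '%u %a' "$dir") || return 2
        uid=${info% *}
        mode=${info#* }
        if perms_ok "$uid" "$mode"; then
            echo "ok   $dir (uid=$uid mode=$mode)"
        else
            echo "BAD  $dir (uid=$uid mode=$mode): needs root owner, no g/o write"
            status=1
        fi
        if [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return "$status"
}

# Usage: sh check_chroot.sh /srv/WEBSITE   (placeholder path from the question)
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```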