@peaeater
Created February 19, 2026 16:30
Creates a chroot jailed account for sftp client
#!/bin/bash
# Example: sudo ./client-sftp.sh xyz-ftp
# Be sure to adjust/add directories as needed
#
# The account only becomes a jail once sshd is told to chroot it. This script
# assumes an sshd_config block along the lines of:
#   Match Group sftp
#       ChrootDirectory /srv/ftp/%u
#       ForceCommand internal-sftp
# and creates the "sftp" group if it is missing.

set -euo pipefail   # abort on the first failed command or unset variable

# Check if a user param is provided
if [ -z "${1:-}" ]; then
    echo "Usage: $0 <username>"
    echo "Example: $0 xyz-ftp"
    exit 1
fi
USERNAME=$1

# The name is interpolated into a filesystem path before useradd gets a chance
# to validate it, so accept only a plain Unix account name (this also rules
# out path components such as "../")
if ! [[ "$USERNAME" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
    echo "Invalid username: $USERNAME" >&2
    exit 1
fi
FTP_ROOT="/srv/ftp/$USERNAME"

echo "==== Starting Setup for User: $USERNAME ===="

# 1. Create directory structure
echo "Creating directories..."
# We create the deep structure immediately to avoid 'directory not found' errors later
sudo mkdir -p "$FTP_ROOT/sync/extracted/output"

# 2. Create user (if not exists)
if id "$USERNAME" &>/dev/null; then
    echo "User $USERNAME already exists. Skipping useradd."
else
    echo "Creating user account..."
    # -d sets home directory (the chroot itself); -M skips creating it, since it
    # already exists and must end up owned by root rather than the user
    sudo useradd -d "$FTP_ROOT" -M "$USERNAME"
fi

# 3. Set password
echo "------------------------------------------------"
echo "Please enter the new password for $USERNAME:"
echo "------------------------------------------------"
sudo passwd "$USERNAME"

# 4. Modify user settings
echo "Configuring user groups and shell..."
# The primary group "sftp" is what the sshd Match block keys on; usermod -g
# fails if the group does not exist, so create it first
getent group sftp >/dev/null || sudo groupadd sftp
sudo usermod -g sftp "$USERNAME"
# No interactive shell: the account is for internal-sftp only
sudo usermod -s /bin/false "$USERNAME"

# 5. Set Permissions (Critical for Chroot)
echo "Setting permissions..."
# First, give the user ownership of everything inside
sudo chown -R "$USERNAME":sftp "$FTP_ROOT"
# CRITICAL: The Chroot root directory must be owned by root and NOT writable by
# group/other, otherwise sshd refuses the login. The same rule applies to every
# parent directory (/srv and /srv/ftp), which this script does not change.
sudo chown root:root "$FTP_ROOT"
sudo chmod 755 "$FTP_ROOT"

echo "==== Setup Complete ===="
echo "SFTP Root: $FTP_ROOT (Owned by root, Read-Only for user)"
echo "Upload Dir: $FTP_ROOT/sync (Owned by $USERNAME, Writable)"
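The script fixes ownership and mode of the chroot directory itself, but sshd applies the same rule to every component of the path (for /srv/ftp/xyz-ftp that means /, /srv and /srv/ftp as well), and a group-writable /srv/ftp created by hand earlier silently breaks every jailed login. The following check is an added example and not part of the gist: a bash function that walks from the chroot directory up to the root and reports any component that is not owned by root or is writable by group or others. It assumes GNU coreutils `stat` (Linux) and the /srv/ftp/<user> layout from the script; the optional second and third arguments (expected owner uid, and the directory at which to stop walking) exist only so the function can be exercised on a temporary tree without root privileges.

```bash
#!/bin/bash
# Added example, not part of the gist: verify sshd's ChrootDirectory rule.
# sshd refuses to chroot (the login fails and the server logs "bad ownership
# or modes for chroot directory") unless every path component from / down to
# the chroot directory is owned by root and is not writable by group or others.
#
# Usage: check_chroot_path <chroot_dir> [owner_uid] [top]
#   owner_uid defaults to 0 (root); top defaults to /.
# Returns 0 if every component is acceptable, 1 otherwise, printing each
# offending component to stderr. Assumes GNU coreutils stat (Linux).
check_chroot_path() {
    local dir=$1 owner=${2:-0} top=${3:-/} d uid mode rc=0
    d=$dir
    while :; do
        uid=$(stat -c %u "$d") || return 1     # numeric owner uid
        mode=$(stat -c %a "$d") || return 1    # octal mode, e.g. 755 or 1777
        if [ "$uid" != "$owner" ]; then
            echo "bad owner on $d: uid $uid, expected $owner" >&2
            rc=1
        fi
        # An octal digit with the write bit set is one of 2, 3, 6, 7; the last
        # digit is the 'other' class, the one before it is 'group'.
        case $mode in
            *[2367]?|*[2367])
                echo "group/other writable: $d (mode $mode)" >&2
                rc=1 ;;
        esac
        [ "$d" = "$top" ] && break
        [ "$d" = / ] && break          # reached the filesystem root
        d=$(dirname "$d")
    done
    return $rc
}

# Stand-alone use: ./check-jail.sh xyz-ftp (path scheme taken from the gist)
if [ -n "${1:-}" ]; then
    if check_chroot_path "/srv/ftp/$1"; then
        echo "chroot path /srv/ftp/$1 OK"
    else
        echo "fix the components listed above before enabling the account" >&2
    fi
fi
```

Run it after the setup script, or whenever a jailed user reports that authentication succeeds but the session drops immediately; the directories inside the jail (such as the user-owned sync tree) are deliberately not checked, since the rule only covers the chroot directory and its ancestors.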