A while back, I was helping a friend who wanted to give someone access to his server files. He didn’t want to hand over full control—just a way for them to upload and download files. “Is that even possible?” he asked me. “Of course,” I told him, “we’ll set them up with SFTP.”
That day, we set up a new user and gave them SFTP access in about 10 minutes. No headaches, no risk of giving them too many permissions.
In this post, I’ll walk you through how to do that—step by step.
Even if you’re new to servers or Linux, you can do this. I’ll explain each command and term as we go.
What Is SFTP?
Let’s start with the basics.
SFTP stands for Secure File Transfer Protocol. It lets you upload, download, or manage files on a remote server—just like FTP, but safer.
SFTP runs over SSH (Secure Shell). SSH is how you connect securely to a server. If you’ve ever logged into a Linux server with the ssh command, you’ve used it.
So if SSH is the tunnel, SFTP is the moving truck using that tunnel.
Why Use SFTP for a New User?
Sometimes, you want to give someone limited access:
- A web designer needs to upload files
- A backup script needs to write files to a folder
- A team member needs to pull reports
But you don’t want them to mess with system settings or other users’ files.
SFTP lets you control exactly what they can see and do.
What You Need Before You Begin
To follow this guide, make sure you have:
- A Linux server (Ubuntu 20.04 or similar)
- Root or sudo access to the server
- SSH already working
- Terminal access on your own computer
That’s it. No need for extra software or services.
Step 1: Create a New User
Let’s add a new user. You can pick any name. I’ll use sftpuser as an example.
sudo adduser sftpuser
You’ll be asked to set a password. Choose something strong and secure. You can skip the other info like full name by just pressing Enter.
Step 2: Create a Directory for File Access
Now you decide where this user can put their files. Let’s create a folder just for them:
sudo mkdir -p /var/sftp/uploads
Here’s what each part means:
- mkdir creates a directory
- -p makes sure all folders in the path are created
- /var/sftp/uploads is where the files will go
This folder is like their home base.
Step 3: Set Folder Ownership
Let’s give ownership of that folder to the new user:
sudo chown sftpuser:sftpuser /var/sftp/uploads
This lets sftpuser read and write inside that folder.
But wait—we need to make sure the SFTP part works too. For that, we set up a special “jail.”
Step 4: Create a Jail (Limit User to Folder)
We don’t want sftpuser wandering around the rest of the server.
So we use a feature called a chroot jail. This locks the user into a directory, kind of like a sandbox.
Change ownership of the parent directory like this:
sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp
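This gives root control of /var/sftp, while sftpuser still controls /var/sftp/uploads. The SSH server requires the jail directory itself to be owned by root and not writable by anyone else, and it will refuse the login otherwise.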
Step 5: Update SSH Config
Now let’s tell the SSH server to treat this user differently.
Open the SSH config file:
sudo nano /etc/ssh/sshd_config
Scroll to the bottom, then add:
Match User sftpuser
    ChrootDirectory /var/sftp
    ForceCommand internal-sftp
    PasswordAuthentication yes
    AllowTcpForwarding no
Let’s break that down:
- Match User tells SSH to apply this rule only to sftpuser
- ChrootDirectory locks them in /var/sftp
- ForceCommand makes sure they only use SFTP (not SSH)
- AllowTcpForwarding no adds more safety
Save and exit the file (press CTRL+O, then ENTER, then CTRL+X).
Step 6: Restart SSH
For changes to take effect, restart the SSH service:
sudo systemctl restart ssh
Step 7: Test the Connection
Now it’s time to test.
From another machine, try this:
sftp sftpuser@your-server-ip
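You’ll be asked for the password. After you log in, you start at the top of the jail (/var/sftp), which only root can write to, so upload a file into the uploads folder:
put yourfile.txt uploads/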
Then check that the file appears in /var/sftp/uploads.
If it works, congrats—you’ve just set up SFTP access for a new user.
What If You See Errors?
Here are some common issues:
- Permission denied: Check folder ownership and SSH config
- Connection closes right away: Try looking at logs with sudo journalctl -xe
- User can’t write files: Make sure the upload folder is owned by the user
Don’t forget to always test after every major change.
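One cause of the "connection closes right away" problem is the ownership rule from Step 4: the SSH server checks every folder on the way to the jail, not just /var/sftp itself. The script below is an added example, not part of the original walkthrough, and the function names chroot_component_ok and audit_chroot_path are made up for it; it walks the path and flags any folder that is not owned by root or is writable by group or others.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd ChrootDirectory path.
# sshd requires every component of the path to be owned by root (uid 0)
# and not writable by group or others.

# $1 = numeric owner uid, $2 = mode string from `ls -ld`, e.g. drwxr-xr-x
chroot_component_ok() {
    [ "$1" = "0" ] || return 1
    case "$2" in
        d????-??-*) return 0 ;;  # 6th char = group write, 9th = other write
        *)          return 1 ;;
    esac
}

# Walk from / down to the directory in $1 and report each component.
# Returns 0 if all pass, 1 if any fails, 2 if $1 is not a directory.
audit_chroot_path() {
    target=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1 is not an accessible directory"; return 2; }
    rc=0
    path=/
    rest=${target#/}
    while :; do
        # ls -ldn prints: mode, link count, numeric uid, numeric gid, ...
        set -- $(ls -ldn "$path" | awk '{print $1, $3}')
        if chroot_component_ok "$2" "$1"; then
            echo "ok   $1 uid=$2 $path"
        else
            echo "FAIL $1 uid=$2 $path"
            rc=1
        fi
        [ -n "$rest" ] || break
        path=${path%/}/${rest%%/*}
        case "$rest" in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
    done
    return "$rc"
}

# Usage: sudo sh audit_chroot.sh /var/sftp   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    audit_chroot_path "$1"
fi
```

Point it at the ChrootDirectory value (/var/sftp), not at uploads, which is meant to be owned by sftpuser. Running sudo sshd -t before the restart in Step 6 catches syntax errors in sshd_config, but it does not check these folder permissions.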
Two Handy Lists
Things SFTP Is Good For:
- Giving someone access to just one folder
- Uploading or downloading files securely
- Automating scripts for backups or uploads
- Working with developers or designers
Important Folders and Files:
- /etc/ssh/sshd_config – the SSH settings
- /var/sftp – the base of your SFTP jail
- /var/sftp/uploads – where files go
- /home/username – don’t use this for jailed users
Why Not Use FTP Instead?
Good question.
FTP (File Transfer Protocol) is older and not secure. It sends passwords in plain text. Anyone spying on your network could steal them.
SFTP is safer. It uses encryption. That means even if someone is watching, they can’t see what’s being sent.
That’s why I always use SFTP—especially for remote servers.
Wrapping Up
You just learned how to:
- Add a new Linux user
- Create a safe folder for file transfers
- Lock the user into that folder
- Enable SFTP access with password login
- Test and troubleshoot the setup
I use this setup whenever I work with clients or team members who just need to upload files. It’s clean, simple, and safe.
Do you have a situation where this could help? Maybe you’re running a website or app and want to keep your data secure. Or you’re just tired of giving out too much access to your server.
Now, you have a better way.
Let me know if you want help setting up key-based login instead of passwords—that’s even more secure.
What kind of project are you working on right now?