Now Trending:
Home
How to Set Up SFTP Access for a New User

How to Set Up SFTP Access for a New User

May 5, 2025

A while back, I was helping a friend who wanted to give someone access to his server files. He didn’t want to hand over full control—just a way for them to upload and download files. “Is that even possible?” he asked me. “Of course,” I told him, “we’ll set them up with SFTP.”

That day, we set up a new user and gave them SFTP access in about 10 minutes. No headaches, no risk of giving them too many permissions.

In this post, I’ll walk you through how to do that—step by step.

Even if you’re new to servers or Linux, you can do this. I’ll explain each command and term as we go.

What Is SFTP?

Let’s start with the basics.

SFTP stands for Secure File Transfer Protocol. It lets you upload, download, or manage files on a remote server—just like FTP, but safer.

SFTP runs over SSH (Secure Shell). SSH is how you connect securely to a server. If you’ve ever logged into a Linux server with the ssh command, you’ve used it.

So if SSH is the tunnel, SFTP is the moving truck using that tunnel.

Why Use SFTP for a New User?

Sometimes, you want to give someone limited access:

  • A web designer needs to upload files
  • A backup script needs to write files to a folder
  • A team member needs to pull reports

But you don’t want them to mess with system settings or other users’ files.

SFTP lets you control exactly what they can see and do.

What You Need Before You Begin

To follow this guide, make sure you have:

  • A Linux server (Ubuntu 20.04 or similar)
  • Root or sudo access to the server
  • SSH already working
  • Terminal access on your own computer

That’s it. No need for extra software or services.

Step 1: Create a New User

Let’s add a new user. You can pick any name. I’ll use sftpuser as an example.

sudo adduser sftpuser

You’ll be asked to set a password. Choose something strong and secure. You can skip the other info like full name by just pressing Enter.

Step 2: Create a Directory for File Access

Now you decide where this user can put their files. Let’s create a folder just for them:

sudo mkdir -p /var/sftp/uploads

Here’s what each part means:

  • mkdir creates a directory
  • -p makes sure all folders in the path are created
  • /var/sftp/uploads is where the files will go

This folder is like their home base.

Step 3: Set Folder Ownership

Let’s give ownership of that folder to the new user:

sudo chown sftpuser:sftpuser /var/sftp/uploads

This lets sftpuser read and write inside that folder.

But wait—we need to make sure the SFTP part works too. For that, we set up a special “jail.”

Step 4: Create a Jail (Limit User to Folder)

We don’t want sftpuser wandering around the rest of the server.

So we use a feature called a chroot jail. This locks the user into a directory, kind of like a sandbox.

Change ownership of the parent directory like this:

sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp

This gives root control of /var/sftp, while sftpuser still controls /var/sftp/uploads.

Step 5: Update SSH Config

Now let’s tell the SSH server to treat this user differently.

Open the SSH config file:

sudo nano /etc/ssh/sshd_config

Scroll to the bottom, then add:

Match User sftpuser
    ChrootDirectory /var/sftp
    ForceCommand internal-sftp
    PasswordAuthentication yes
    AllowTcpForwarding no

Let’s break that down:

  • Match User tells SSH to apply this rule only to sftpuser
  • ChrootDirectory locks them in /var/sftp
  • ForceCommand makes sure they only use SFTP (not SSH)
  • AllowTcpForwarding no adds more safety

Save and exit the file (press CTRL+O, then ENTER, then CTRL+X).

Step 6: Restart SSH

For changes to take effect, restart the SSH service:

sudo systemctl restart ssh

Step 7: Test the Connection

Now it’s time to test.

From another machine, try this:

sftp sftpuser@your-server-ip

You’ll be asked for the password. After you log in, try uploading a file:

put yourfile.txt

Then check that the file appears in /var/sftp/uploads.

If it works, congrats—you’ve just set up SFTP access for a new user.

What If You See Errors?

Here are some common issues:

  • Permission denied: Check folder ownership and SSH config
  • Connection closes right away: Try looking at logs with sudo journalctl -xe
  • User can’t write files: Make sure the upload folder is owned by the user

Don’t forget to always test after every major change.

Two Handy Lists

Things SFTP Is Good For:

  • Giving someone access to just one folder
  • Uploading or downloading files securely
  • Automating scripts for backups or uploads
  • Working with developers or designers

Important Folders and Files:

  • /etc/ssh/sshd_config – the SSH settings
  • /var/sftp – the base of your SFTP jail
  • /var/sftp/uploads – where files go
  • /home/username – don’t use this for jailed users

Why Not Use FTP Instead?

Good question.

FTP (File Transfer Protocol) is older and not secure. It sends passwords in plain text. Anyone spying on your network could steal them.

SFTP is safer. It uses encryption. That means even if someone is watching, they can’t see what’s being sent.

That’s why I always use SFTP—especially for remote servers.

Wrapping Up

You just learned how to:

  • Add a new Linux user
  • Create a safe folder for file transfers
  • Lock the user into that folder
  • Enable SFTP access with password login
  • Test and troubleshoot the setup

I use this setup whenever I work with clients or team members who just need to upload files. It’s clean, simple, and safe.

Do you have a situation where this could help? Maybe you’re running a website or app and want to keep your data secure. Or you’re just tired of giving out too much access to your server.

Now, you have a better way.

Let me know if you want help setting up key-based login instead of passwords—that’s even more secure.

What kind of project are you working on right now?

Tweet

Related Posts

Leave a Reply