Deluge is already installed, configured and working.
The deluge user looks like:
A SSH server is already installed, configured and working.
- Create the sftp user and add it to the deluge group (this will allow him to access to
- Modify the sshd config (
/etc/ssh/sshd_config) and add this lines:
- Restart the sshd server:
- Change chroot directory rights, this is required or sftp won't let you connect. The home directory must be owned as root and not writable by another user or group. This includes the path leading to the directory.
- You won't be able to connect in sftp if your user have
/bin/falseshell as it's not defined in the
/etc/shells. To disable normal ssh login, add
/etc/shellsand change sftpuser shell:
- Test ssh access: (access should be refuse if
- Test sftp access: (sftp user should be placed in the chroot environment)
- Create the torrent folder to let sftp user access to deluge download folder:
- Give the torrent folder the appropriate rights:
As sftpuser will be chrooted in his home directory (
/home/sftpuser/) he won't be able to access
/srv/deluge/Downloads even if he has rights (he is in deluge group) and a symbolic link like
ln -s /srv/deluge/Downloads /home/sftpuser/deluge won't work because it is outside the chroot environment. For sftpuser accessing via sftp to the chroot environment,
/home/sftpuser/ will be the root directory
/ so the symbolic link to
/srv/deluge/Downloads will in fact be wrong as
/home/sftpuser/srv/deluge/Downloads doesn't exist.
We can't directly chroot sftpuser in
/srv/deluge/Downloads because that will require to change the
/srv/deluge/Downloads/ folder ownership to
root:root and so deluge user won't be able to access it anymore.
We must chroot sftp user because letting him access to the whole system would be a security issue.
So we will give sftp user two home directory: one SFTP home that is locked down by root (
/home/sftpuser/) and one home he can write to (
/home/sftpuser/torrent/) so sshd will be satisfied and the system will remain secure. To do that, we will make the deluge folder (the writable home directory) appear as a subdirectory inside the SFTP home directory:
We can also add this into
/etc/fstab to make this configuration permanent even after a reboot:
SFTP user is now ready to access the deluge download folder via SFTP.
Thanks to the great ArchLinux wiki.