
How to Create an SFTP-Only User Restricted to One Folder in WHM/cPanel


When you’re hosting websites on a WHM/cPanel server, you may want to give a developer, designer, or client SFTP access to upload files — but restrict them to a specific folder. By default, cPanel’s FTP accounts don’t support SFTP, so you need to configure a jailed (chrooted) SFTP-only user at the system level.

This guide shows you how to create an SFTP-only user locked to a specific folder with proper security.


✅ Prerequisites

  • WHM root access (or SSH root login).
  • A cPanel account already created (we’ll call it mycpuser here).
  • SSH/SFTP service enabled on your server.

1. Decide the Folder Structure

We’ll create this structure:

  • /home/mycpuser/sftp-users/client1/ → chroot jail (must be root-owned).
  • /home/mycpuser/sftp-users/client1/uploads/ → writable subfolder for the user (appears as /uploads/ inside the jail).

This keeps SFTP users neatly organized under sftp-users/.


2. Create the System User

SSH into your server as root and run:

  • -d → sets home directory.
  • -s /sbin/nologin → disables shell login (SFTP only).

3. Set Up the Directory

Create the required folder structure:

Fix permissions (root must own the chroot, user owns the subfolder):


4. Configure SSH for SFTP Chroot

Edit the SSH config:

Add at the bottom:

Restart SSH:


5. Test the SFTP Account

From your local machine:

  • You’ll log into / (which maps to /home/mycpuser/sftp-users/client1 on the server).
  • The user can only write inside /uploads/.

6. Troubleshooting

🔴 Error: Connection closed [preauth]

  • Cause: One of the parent directories isn’t owned by root:root.
  • Fix: Run ls -ld /home /home/mycpuser /home/mycpuser/sftp-users /home/mycpuser/sftp-users/client1 and correct ownership.

🔴 Error: Permission denied when uploading

  • Cause: User is trying to upload directly into the jail folder.
  • Fix: Upload into /uploads/, which is writable.
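
The ownership rule behind step 3 and the first troubleshooting item can be checked before restarting SSH: sshd only accepts a ChrootDirectory when every directory from / down to the jail is owned by root and not writable by group or others. The script below is an added example, not part of the original guide; its function names are hypothetical, and it assumes GNU stat and the guide's example jail path.

```shell
#!/bin/sh
# Added example: audit every component of a ChrootDirectory path.
# Function names are hypothetical; run as root on the server.

# dir_is_safe UID MODE: succeed only for root-owned, non group/other-writable.
# MODE is the octal string printed by stat (e.g. 755, 1777).
dir_is_safe() {
    d_uid=$1
    d_mode=$2
    [ "$d_uid" -eq 0 ] || return 1
    [ $(( 0$d_mode & 022 )) -eq 0 ]   # 022 = group-write | other-write
}

# check_chroot_path DIR: walk from DIR up to /, print each unsafe component.
# Returns 0 if all are safe, 1 if any is unsafe, 2 on bad input.
check_chroot_path() {
    target=$1
    unsafe=0
    case $target in
        /*) ;;
        *) echo "not an absolute path: $target" >&2; return 2 ;;
    esac
    [ -d "$target" ] || { echo "not a directory: $target" >&2; return 2; }
    cur=$target
    while :; do
        # -L follows symlinks; %u = owner uid, %a = octal mode
        info=$(stat -L -c '%u %a' "$cur") || return 2
        if ! dir_is_safe "${info% *}" "${info#* }"; then
            echo "UNSAFE: $cur (uid=${info% *} mode=${info#* })"
            unsafe=1
        fi
        [ "$cur" = / ] && break
        cur=$(dirname "$cur")
    done
    return "$unsafe"
}

# Example: sh check_jail.sh /home/mycpuser/sftp-users/client1
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

The writable uploads/ subfolder is deliberately not checked, since it sits below the jail and is owned by the SFTP user.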

7. Security Tips

  • Always use /sbin/nologin or /usr/sbin/nologin as the shell for SFTP-only accounts.
  • If possible, use SSH keys instead of passwords.
  • Group multiple SFTP users under /home/mycpuser/sftp-users/ for clean management.
  • Monitor logs with: tail -f /var/log/secure or journalctl -xeu sshd

🎯 Conclusion

With this setup, you can safely provide SFTP-only access to users while restricting them to a single folder. This is ideal for developers, clients, or collaborators who need file transfer access without exposing your entire hosting account.
