18

I have added a user to the system via the adduser tool. Then, in /etc/passwd, I tried changing the /bin/bash to /sbin/nologin or to /dev/null, but neither of these worked.

I would like the user not to have the option to get an interactive shell, and just to use sftp. Is there a way?

I know it's been asked here before but it seems no one gave a satisfactory response.

Will
  • 1,157
Toni Rosa
  • 301

4 Answers

13

You should also be able to do it with OpenSSH 4.9 and up, with which you can additionally chroot the user for increased security.

In your /etc/ssh/sshd_config:

Match User user
ChrootDirectory /home/user
ForceCommand internal-sftp
AllowTcpForwarding no

Then run:

chsh -s /bin/false user
chown root:root /home/user
mkdir /home/user/uploads
chown user /home/user/uploads

The user will only be able to write in /home/user/uploads.

https://debian-administration.org/article/590/OpenSSH_SFTP_chroot_with_ChrootDirectory

genpfault
  • 117
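As an added example (not code from any of the answers or from OpenSSH), a small Python audit of the setup this answer describes: it parses the Match User block out of sshd_config text and the user's login shell out of passwd text, both supplied here as constructed samples, and lists what is missing for the account to be chroot-jailed and SFTP-only.

```python
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def parse_match_blocks(config_text):
    """{match_criteria: {directive: value}}; "" is the global section before any Match."""
    blocks, current = {"": {}}, ""
    for line in (l.strip() for l in config_text.splitlines()):
        if not line or line.startswith("#"): continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":  # everything up to the next Match belongs to this block
            current = value
            blocks.setdefault(current, {})
        else:
            blocks[current][key] = value  # directive names are case-insensitive
    return blocks

def sftp_only_issues(config_text, passwd_text, user):
    """List the ways `user` falls short of a chrooted, SFTP-only account."""
    issues, blocks = [], parse_match_blocks(config_text)
    block = next((d for c, d in blocks.items() if len(c.split()) > 1  # 'Match User a,b'
                  and c.split()[0].lower() == "user" and user in c.split()[1].split(",")), None)
    if block is None:
        issues.append("no 'Match User' block for this user")
    else:
        if block.get("forcecommand") != "internal-sftp":
            issues.append("ForceCommand internal-sftp missing")
        if not block.get("chrootdirectory"):
            issues.append("ChrootDirectory missing")
        # sshd's default is yes; a Match block that omits it inherits the global value
        tcp = block.get("allowtcpforwarding", blocks[""].get("allowtcpforwarding", "yes"))
        if tcp.lower() != "no":
            issues.append("AllowTcpForwarding not disabled")
    # ForceCommand never runs the login shell, so the shell check is defence in
    # depth: a nologin shell also stops logins that do not go through sshd (console, su).
    shells = {f[0]: f[6] for f in (l.split(":") for l in passwd_text.splitlines()) if len(f) == 7}
    if user not in shells:
        issues.append("user not found in passwd")
    elif shells[user] not in NOLOGIN_SHELLS:
        issues.append(f"login shell is {shells[user]}, not a nologin shell")
    return issues

# Constructed sample files mirroring the answer above; 'weak' lacks most of it.
SAMPLE_SSHD_CONFIG = """\
AllowTcpForwarding yes
Match User user
    ChrootDirectory /home/user
    ForceCommand internal-sftp
    AllowTcpForwarding no
Match User weak
    ChrootDirectory /home/weak
"""
SAMPLE_PASSWD = "user:x:1001:1001::/home/user:/bin/false\nweak:x:1002:1002::/home/weak:/bin/bash\n"
```

Run `sftp_only_issues(SAMPLE_SSHD_CONFIG, SAMPLE_PASSWD, "weak")` to see the three gaps the second sample account has; the first returns an empty list.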
11

The command you should use to change the shell is chsh. The nologin shell can be /sbin/nologin or /usr/sbin/nologin (check which you have by looking in /etc/shells) but /bin/false would probably be a better choice.

chsh -s /bin/false user

You should consider setting up something like scponly which will do exactly what you want.

user9517
  • 117,122
2

I think the best way is with mysecureshell

http://mysecureshell.sourceforge.net/en/index.html

You can chroot a user with this easily and even limit bandwidth if needed.

Mike
  • 22,748
1

You can add a user with -s /bin/false to disable their shell, but what you really should look into setting up is a chrooted sftp account. This will "jail" a user into their own directory and prevent them from being able to access or modify any files or directories outside of the chroot directory.

user9517
  • 117,122
gravyface
  • 13,987