External parties often need to upload data to your application. Sadly, most ask for an FTP server. Push back against this and suggest they use sFTP.
This article explains how to set up a chroot-ed user in Ubuntu 12.04 so that an external party can upload data to your application securely.
This is mainly for my own reference.
Create a user with a dummy shell:
$ adduser --shell=/bin/false barry
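and alter the ownership and permissions of their home folder so that it is owned by root and not writable by group or others (sshd refuses to chroot into a directory that fails this check):
$ chown root:barry /home/barry
$ chmod 755 /home/barry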
Now create a folder to upload to:
$ mkdir /home/barry/uploads
$ chown barry:barry /home/barry/uploads
$ chmod 755 /home/barry/uploads
Edit /etc/ssh/sshd_config and comment out the line:
Subsystem sftp /usr/lib/openssh/sftp-server
and add the following at the bottom of the file:
Subsystem sftp internal-sftp
Match User barry
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTCPForwarding no
then restart SSH:
$ /etc/init.d/ssh restart
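The new user should now be able to sFTP in and write to the uploads folder; the chroot root itself (their home folder) is read-only to them.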