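Let’s start by creating the group and adding the user to it:

    su -
    groupadd sftp_users
    # -a appends; without it, -G replaces the user's other supplementary groups
    usermod -aG sftp_users my_username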
Then edit the SSH daemon configuration:

    emacs /etc/ssh/sshd_config

    # Search for the line below and replace it
    Subsystem sftp /usr/lib/openssh/sftp-server
    # with this one
    Subsystem sftp internal-sftp

    # Now each time a user from the sftp_users group connects,
    # we are going to apply these rules:
    Match Group sftp_users
        X11Forwarding no
        AllowTcpForwarding no
        ChrootDirectory /home
        ForceCommand internal-sftp
Finally, restart the SSH service:

    systemctl restart ssh
https://serverfault.com/questions/660160/openssh-difference-between-internal-sftp-and-sftp-server
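sshd refuses the session when the ChrootDirectory or any of its parent directories is not owned by root or is writable by group or others, so the path is worth checking before the restart. The script below is an added example, not part of the original post; it assumes GNU stat and readlink (as on Debian), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that a ChrootDirectory path meets sshd's ownership rules.
# Assumes GNU coreutils (stat -c, readlink -f); function names are hypothetical.

# component_ok UID MODE
# Succeeds when the owner is root (uid 0) and the octal mode has neither the
# group-write (020) nor the other-write (002) bit set.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks from DIR up to /, printing one line per component.
# Returns 0 if every component passes, 1 if any fails, 2 on a relative path.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 2 ;;
    esac
    path=$(readlink -f -- "$1")   # resolve symlinks so the real parents are checked
    rc=0
    while :; do
        if [ ! -d "$path" ]; then
            echo "FAIL $path: not a directory"
            rc=1
        else
            set -- $(stat -c '%u %a' "$path")
            if component_ok "$1" "$2"; then
                echo "ok   $path (uid=$1 mode=$2)"
            else
                echo "FAIL $path (uid=$1 mode=$2)"
                rc=1
            fi
        fi
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# When run with an argument, check that path, e.g.: sh check_chroot.sh /home
[ $# -eq 0 ] || check_chroot_path "$1"
```
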
Edit: If you need to remove a user from a group:
    gpasswd -d user group

Or, on Debian, there is a dedicated tool:

    deluser user group
https://unix.stackexchange.com/questions/29570/how-do-i-remove-a-user-from-a-group