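#!/bin/bash
# Set up chrooted, SFTP-only access for members of a dedicated group.
#
# Usage (run as root, e.g. "(sudo) bash <this-script> [user]"):
#   no argument - create the group, install the sshd drop-in, restart sshd
#   <user>      - add an existing user to the group
#
# Security notes:
#   - The drop-in sets "PasswordAuthentication yes" for the group, which can
#     permit password logins for its members even when the global setting is
#     "no". Review this against your password policy, or switch the group to
#     key-based authentication.
#   - "ChrootDirectory %h" only works when every component of the user's home
#     path is a root-owned directory that is not writable by group or others;
#     sshd refuses the session otherwise. Uploads therefore need a
#     user-writable subdirectory inside the home directory.
#   - The drop-in is only read if the main sshd_config includes
#     /etc/ssh/sshd_config.d/*.conf - TODO confirm on the target system.

# Exit on error, on unset variables, and on failures inside pipelines.
set -euo pipefail

# sftp group to create/use
readonly SFTP_GROUP='sftp'
# sshd drop-in written by the setup branch.
readonly SSHD_DROPIN='/etc/ssh/sshd_config.d/sftp.conf'

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Every step below edits system accounts or sshd configuration.
((EUID == 0)) || die 'This script must be run as root.'

if [[ -n "${1:-}" ]]; then
  # "--" keeps a user name that starts with "-" from being read as an option.
  usermod -aG "$SFTP_GROUP" -- "$1"
else
  # Create the group only when it is missing, so that a real addgroup failure
  # aborts the script instead of being silently ignored.
  getent group "$SFTP_GROUP" > /dev/null || addgroup "$SFTP_GROUP"

  # Keep a copy of an existing drop-in so a failed validation can be undone.
  # The backup name does not end in ".conf", so sshd does not include it.
  backup=''
  if [[ -e "$SSHD_DROPIN" ]]; then
    backup=$(mktemp "${SSHD_DROPIN}.bak.XXXXXX")
    cp -p -- "$SSHD_DROPIN" "$backup"
  fi

  # "Match all" closes the group block so that later directives apply
  # globally again.
  cat > "$SSHD_DROPIN" << EOF
Match Group ${SFTP_GROUP}
    PasswordAuthentication yes
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
Match all
EOF

  # Validate the complete configuration before restarting: restarting sshd
  # with a broken config can leave the host without a running SSH daemon.
  if ! sshd -t; then
    if [[ -n "$backup" ]]; then
      mv -f -- "$backup" "$SSHD_DROPIN"
    else
      rm -f -- "$SSHD_DROPIN"
    fi
    die "sshd -t rejected the configuration; ${SSHD_DROPIN} was rolled back and sshd was not restarted."
  fi

  if [[ -n "$backup" ]]; then
    rm -f -- "$backup"
  fi

  # NOTE(review): the unit may be named "ssh" on some systems - confirm.
  systemctl restart sshd
  printf 'Call this script with a user to add them to the sftp group.\n'
fi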