This section describes the method for restricting an account to :term:`SSH File Transfer Protocol` (SFTP) access only.
Create a user account based on the following example.
user { "foo":
uid => <UID>,
gid => <GID>,
shell => '/usr/libexec/openssh/sftp-server'
}
To allow your user to use the sftp-server
application as a shell, you will
need to add custom shell to useradd::shells
in :term:`Hiera` as shown
below.
useradd::shells:
- /usr/libexec/openssh/sftp-server