I'm testing an SFTP server. In my sftp configuration, the line "Match Group sftponly" appears. That is, from what I understood only users who are from the 'sftponly' group could access SFTP. But I noticed something troubling. On the same server I have a user named 'john', created to access another service. That is, it is not from the 'sftponly' group. But if john opens Filezilla and tries to access SFTP, he succeeds even though he is not in the sftponly group. It's worse! I noticed that in Filezilla it has access (even if only read) to the whole system! Because it is not in the 'sftponly' group, it is not directed to the given folder in the sftp ChrootDirectory parameter. It simply drops into your HOME folder and from there you can exit it and see all other system folders. My question: Is it possible to limit SFTP only to users who are actually members of the sftponly group, but to allow john to continue accessing other services using the SSH protocol?