In the remote box: create a user, not a member of any group, that has a shell, and don't assign a password, but configure ~/.ssh/authorized_keys2 to log in remotely.

    chown -R www-data.${MY_NEW_USER} /PATH/TO/FILES/I/WANT/TO/EDIT/
    find /PATH/TO/FILES/I/WANT/TO/EDIT/ -type d -exec chmod 770 "{}" \;
    find /PATH/TO/FILES/I/WANT/TO/EDIT/ -type f -exec chmod 440 "{}" \;

You could also configure www-data with ssh-keys and add/remove a shell in a blink.

You'll need to ssh as root, which either is not allowed by /etc/ssh/sshd_config (and you want it like that) or doesn't have a password (which you also want it like that).

The solution again is ssh keys and configure /etc/ssh/sshd_config with:

    PermitRootLogin without-password

Now you can:

    ssh root@remotebox 'usermod -s/bin/rbash www-data'

sftp as www-data and, immediately after log in (sftp will keep working)

    ssh root@localhost 'usermod -s/bin/false www-data'

Free advice, can't sue me... :)

ET

techlists@phpcoderusa.com writes:

> Hi,
>
> I am running Ubuntu 16.04 on a test server. I'd like to understand
> ownership for virtual hosts. I assume www-data:www-data so the files
> can be edited by PHP such as WordPress being able to upload or upgrade
> themes and plugins. Is this correct?
>
> I would also like to do some remote editing using SFTP. Some say to add
> a password and shell to www-data so the editor can connect as www-data.
> This seems like a security issue.
>
> The other solution I'm seeing is to make the owner:group $USER:$USER -
> which makes the files owned by the SFTP user which seems not secure and
> I'm figuring WordPress will not be able to edit its own files.
>
> What is the appropriate way?
>
> Thanks in advance.
>
> Keith

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
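One way to check that a tree still matches the scheme in the reply above (owner www-data, group set to the key-only user, directories 770, files 440), as an added example that is not part of the original message. The function name audit_webroot and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: report every path under a
# web root that deviates from the ownership/mode scheme in the reply.
#
# audit_webroot ROOT OWNER GROUP   (hypothetical helper)
#   prints one "REASON<TAB>PATH" line per deviation
#   returns 0 = clean, 1 = deviations found, 2 = audit could not run
audit_webroot() {
    root=$1 owner=$2 group=$3
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Each find lists paths that break one rule. "-perm MODE" is an exact
    # match, so setuid/setgid/sticky bits and world access are flagged too.
    # A find error (unknown user or group, unreadable path) aborts the
    # audit instead of silently reporting a clean tree.
    findings=$(
        find "$root" ! -user "$owner" -exec printf 'owner\t%s\n' {} \; &&
        find "$root" ! -group "$group" -exec printf 'group\t%s\n' {} \; &&
        find "$root" -type d ! -perm 770 -exec printf 'dir-mode\t%s\n' {} \; &&
        find "$root" -type f ! -perm 440 -exec printf 'file-mode\t%s\n' {} \;
    ) || { echo "audit failed: find returned an error" >&2; return 2; }

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run directly as: sh audit.sh /PATH/TO/FILES www-data MY_NEW_USER
# (does nothing when no arguments are given)
[ $# -eq 0 ] || audit_webroot "$@"
```

Run it from cron or after each deploy; a non-zero status means the tree has drifted from the intended ownership and modes.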