How to Restrict a User's Access Using SFTP?

Eric Shubert ejs at shubes.net
Wed Dec 28 10:26:34 MST 2011


On 12/27/2011 10:46 PM, Mark Phillips wrote:
> I need to give a user access to my web server via sftp to upload web
> site changes. What is the best way to do this? I have several other
> sites on the same server, so I want to prevent them or anyone else who
> gains access to their account from being able to make changes to those
> sites or other parts of the server.
>
> Thanks,
>
> Mark
>

I use vsftp, which can be configured to allow users access only to their 
web site's tree. sftp might be able to do the same.

Then, create their user such that their home directory is their web 
site's directory, and they cannot log in to the system (only vsftp) with 
an /etc/passwd entry like this:

    vsftpuser:x:511:511::/var/vhosts/domain.com/docs:/sbin/nologin

Files in their web site are owned by their user, with read permissions 
for 'other' (o+r), which allows apache (or nginx) to read them.

-- 
-Eric 'shubes'
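
An added example, not part of Eric's message: a POSIX shell audit that checks an account against the layout described above (home directory is the web root, nologin shell, files owned by the account and readable by 'other'). The function names, the accepted nologin paths, the directory o+x check and the throwaway fixture are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original message. Audits an account laid out as
# the reply describes: home = web root, no login shell, files owned by the
# account and readable by 'other'. Usage: audit_account PASSWD_FILE USER DOCROOT
# Prints one line per finding; exit status 0 means nothing was found.

audit_account() (
    passwd_file=$1 user=$2 docroot=$3 bad=0

    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd_file")
    [ -n "$entry" ] || { echo "no passwd entry for $user"; exit 1; }
    IFS=: read -r _n _p uid _g _c home shell <<EOF
$entry
EOF
    [ "$home" = "$docroot" ] || { echo "home is $home, expected $docroot"; bad=1; }
    case $shell in
        # Assumption: these two paths are the nologin locations to accept.
        /sbin/nologin|/usr/sbin/nologin) ;;
        *) echo "shell permits interactive login: $shell"; bad=1 ;;
    esac

    # check LABEL FIND-EXPR...: list paths under the web root matching the expression.
    check() {
        label=$1; shift
        hits=$(find "$docroot" "$@")
        [ -z "$hits" ] && return 0
        echo "$hits" | sed "s|^|$label: |"
        return 1
    }
    check "not owned by uid $uid" ! -user "$uid" || bad=1
    check "file lacks o+r" -type f ! -perm -004 || bad=1
    # Goes beyond the message: directories also need o+x to be traversed.
    check "directory lacks o+rx" -type d ! -perm -005 || bad=1
    check "world-writable" ! -type l -perm -002 || bad=1
    exit "$bad"
)

# Constructed fixture for trying the audit without touching the real system:
# a throwaway web root and a one-line passwd file modelled on the entry above.
make_fixture() {
    fx=$(mktemp -d) && mkdir "$fx/docs" && echo hi > "$fx/docs/index.html" &&
    chmod 755 "$fx" "$fx/docs" && chmod 644 "$fx/docs/index.html" &&
    echo "vsftpuser:x:$(id -u):$(id -g)::$fx/docs:/sbin/nologin" > "$fx/passwd" &&
    echo "$fx"
}

if [ "$#" -eq 3 ]; then audit_account "$@"; fi
```

Run it as `sh audit.sh /etc/passwd vsftpuser /var/vhosts/domain.com/docs` (script name is hypothetical); the parent directories of the web root are not checked.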



More information about the PLUG-discuss mailing list