3

I would like some clarification about the correct way to create limited users to access my VPS, used as a web server with Nginx.

I usually do NOT install FTP and access via SFTP only. Is that OK for every setup?

This is what I usually do to create a limited user called "admin" that should be able to access the folder with the website data via SFTP:

mkdir -p /var/www/mysite.com/
adduser admin
adduser admin www-data
chown -R root:root /var/www
chmod -R 755 /var/www
chmod -R 755 /var/www/mysite.com
chown -R admin:www-data /var/www/mysite.com/

It seems not to be the correct way; I always have problems with permissions when I upload files (for example with WordPress in general). I would like to create a user that works exactly like the one that the "providers" give to their clients when they buy a hosting service (that is FTP; I would prefer SFTP access). It is for personal use, but I think that a limited user is a lot safer to use than "root" via SFTP.

mattewre

3 Answers

2

You may use sftp, just set the directory /var/www/mysite.com like this:

chmod 2775 /var/www/mysite.com

This will make the directory group-writable and stick the group www-data to every file created below this directory. If you already have files within the directory, you may propagate the directory permissions with this command:

find /var/www/mysite.com -type d -exec chmod 2775 {} \;

Hope this helps you get the "hosting feeling" you are seeking. ;)

fboaventura
0

The best way to set this up would be a virtual-user setup through software like ProFTPD or Pure-FTPd, which both support virtual users out of LDAP, MySQL or other databases, and also both support FTP and SFTP in the same package. Using the virtual users you can lock them in the FTP directory, but also set the UID and GID that this user will use to store and access files. See the relevant documentation on exactly how to implement this.

Flash
0

It looks like the issue you're having has to do with the criteria by which chroot jailing requires users to be set up. Two of the biggest issues that people run into are that the user's home directory and all directories above it must only be writable by the root user, and they must be owned by root. Because of that stipulation, the best way to create a jailed setup (in my opinion) is:

mkdir -p /var/www/vhosts/mysite.com/public_html
useradd -d /var/www/vhosts/mysite.com mynewuser
chown -R root:root /var/www/vhosts/mysite.com
chmod 755 /var/www/vhosts/mysite.com
chown mynewuser:www-data /var/www/vhosts/mysite.com/public_html

Or if you need Apache to have write access, change it to 775 for the needed directories.

I set this up in this fashion, so that when the user logs in the only directory they have access to is 'public_html' and have no knowledge of any other virtual hosts on the system. This gives the appearance of a completely isolated instance as you would receive from any provider.

Linztm
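
The ownership rule stated in the last answer (the jail directory and every directory above it must be owned by root and writable only by root) can be checked before a chroot is pointed at a path. The script below is an added example, not code from any of the posts; it assumes GNU `stat -c`, and the function names and the sample uid 1001 are made up for illustration.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils `stat -c`; function names are illustrative.

# Print "uid octal-mode path" for an absolute path and each directory above it.
chain_stat() {
    p=$1
    case $p in /*) ;; *) echo "need an absolute path: $p" >&2; return 2 ;; esac
    while :; do
        stat -c '%u %a %n' "$p" || return 2
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
}

# Read "uid mode path" lines and flag any component that is not owned by
# root (uid 0) or that is writable by group or other (octal mask 022).
check_lines() {
    bad=0
    while read -r uid mode path; do
        if [ "$uid" -ne 0 ]; then
            echo "FAIL $path: owned by uid $uid, not root"; bad=1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $path: mode $mode is writable by group or other"; bad=1
        fi
    done
    return $bad
}

# Audit a live path: 0 = every component passes, 1 = at least one fails,
# 2 = the path is not absolute or could not be read.
audit_chroot() {
    lines=$(chain_stat "$1") || return 2
    printf '%s\n' "$lines" | check_lines
}

# Constructed sample: the question's site directory (owned by the SFTP user,
# uid 1001 here) with the setgid mode 2775 from the first answer. Used as a
# jail root it fails both checks; the root-owned parents pass.
check_lines <<'EOF' || true
1001 2775 /var/www/mysite.com
0 755 /var/www
0 755 /var
0 755 /
EOF
```

On the server, `audit_chroot /var/www/vhosts/mysite.com` runs the same checks against the live directory chain.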