How to manage FTP and CHMOD / CHOWN when working with a freelancer?

Question

Nowdays, when working with a freelancer, I add a new user to Debian, create a ftp access to this user and give that to the freelancer

Problem is that freelancer can access some data I want to keep confidential such as: config.php or sqlconfig.php

What would the best strategy so freelancer has some FTP access but cannot access some files (including read them) ?

Regards

score 1 · Answer 1 · answered Apr 10 '17 at 22:15

1

chmod o-rwx on the confidential files and make sure the freelancer is not owner nor group member of the group assigned to the confidential files.

answered Apr 10 '17 at 22:15

anneb

206
1
8

score 0 · Answer 2 · answered Apr 11 '17 at 02:04

Create a new group, put the www-data user and your trusted dev(s) (ie, you or whovever else), set perms and ownership appropriately. Freelancer could still write code that could fopen() the files (and then display in his browser, whatever) though since the www-data user needs to be able to read the files... If www-data doesn't need to read the files, they don't belong in the webspace.

addgroup www-private
adduser www-data www-private
apache2ctl restart
chmod 640 /var/www/html/privatefile.php
chown trusteddev.www-private /var/www/html/privatefile.php

How to manage FTP and CHMOD / CHOWN when working with a freelancer?

2 Answers2