
I recently migrated from a CentOS cPanel server setup to Ubuntu and have been trying to work out how to set up multiple users that are restricted/jailed to their own home directories when they ssh to the server, as was the case in cPanel.

I have a server that hosts multiple websites (mostly PHP based sites) and want to provide website owners access only to their website directories.

The server setup is as follows...

  • Ubuntu 16.04
  • Apache 2.4
  • PHP 7.0 - php-fpm
  • MySQL
  • Varnish

I've done some digging to see how this could be done and have come up with the following method...

  1. Create separate users and usergroups for each website owner.
  2. Use Apache vhosts to set userdir of the web directory to the user's home folder i.e. /home/user/public_html
  3. Chown all files and folders within the web dir to the user:usergroup created in step 1.
  4. Configure a separate php-fpm pool for each website owner ensuring php runs as their own user.
  5. Chroot users' ssh to their own home directory using the method and make_chroot_jail.sh script explained here (https://www.howtoforge.com/restricting-users-to-sftp-plus-setting-up-chrooted-ssh-sftp-debian-squeeze/#-enabling-chrooted-ssh) and here (http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/)

Given I already have a bunch of websites running on this server and would require a fair bit of work to get the above going, I guess I was hoping that somebody a lot smarter than myself could let me know if the above method is sound and worth going ahead with?

Peter A
  • 101
  • The cPanel license is a lot cheaper than your time. – Michael Hampton Dec 06 '17 at 23:35
  • We are not using cPanel for a reason and cost is not the issue. I specifically mention that we are moving away from cPanel. Your comment is not helpful at all. – Peter A Dec 07 '17 at 00:24
  • Yes, although if you are looking at howtoforge you may want to check out ISPConfig - been a long time since I've used it but I think it supports auto chrooting with control over what binaries users can run – ivanivan Dec 07 '17 at 01:04
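
Steps 3 and 4 of the question, sketched as an added example that is not part of the original post or its comments: one function renders a per-owner php-fpm pool and another lists files that break the per-user ownership model. The user name `siteowner1`, the socket path, the `tmp` directory inside the home folder and the `www-data` web server account are assumptions for illustration.

```shell
#!/bin/sh
# Added example: per-site php-fpm pool (step 4) and ownership audit (step 3).
# Socket path, tmp directory and www-data are assumptions, not from the post.

# Print a pool definition that runs PHP as the site owner.
# $1 = site user, $2 = home directory (defaults to /home/<user>)
render_fpm_pool() (
    user=$1
    home=${2:-/home/$1}
    cat <<EOF
[$user]
user = $user
group = $user
; Only the web server account may connect to this owner's socket.
listen = /run/php/php7.0-fpm-$user.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = ondemand
pm.max_children = 5
; Keep PHP file access, uploads and sessions inside the owner's home.
php_admin_value[open_basedir] = $home/
php_admin_value[upload_tmp_dir] = $home/tmp
php_admin_value[session.save_path] = $home/tmp
EOF
)

# List paths under a web root that are not owned by the site user or are
# writable by "other". Symlinks are skipped (their mode is always 777).
# $1 = web root, $2 = user name or numeric UID
audit_site_perms() (
    find "$1" ! -type l \( ! -user "$2" -o -perm -002 \) -print
)

# Constructed demo: a throwaway web root with one world-writable file.
demo=$(mktemp -d)
mkdir "$demo/public_html" && chmod 755 "$demo/public_html"
touch "$demo/public_html/index.php" "$demo/public_html/upload.php"
chmod 644 "$demo/public_html/index.php"
chmod 666 "$demo/public_html/upload.php"
render_fpm_pool siteowner1
echo "Paths violating the ownership model:"
audit_site_perms "$demo/public_html" "$(id -u)"
rm -rf "$demo"
```

The audit covers file ownership only; it does not verify the chroot from step 5.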

0 Answers