I'm trying to give a client SFTP access to the root directory of their site on my server (Ubuntu 10.10) so they can manage their website themselves.
While I have been successful in jailing a user to a directory and giving them SFTP access, they are only allowed to create and delete new files in subdirectories (the directories they own). This means that I must give them access to the parent directory to the root of their site.
So far I have followed the instructions in this tutorial as follows:
addgroup filetransfer
usermod -G filetransfer username
chown root:root /home/username
chmod 755 /home/username
cd /home/username
mkdir docs public_html
chown username:username *
How can I limit them to the root of their site (for example public_html) while still allowing them the ability to create and delete files? All the tutorials I have read suggest that root must be the owner of the user's home directory, which prevents them from having write access inside that directory.
I'm relatively new to managing my own server, so I would be very grateful for any advice.
Many thanks.
Thanks for your advice. On line 3 of your second example are you changing the group associated with the folder? And on line 4 I presume this gives the group write access to the folder? I've added a reference to one of the methods I've tried to jail the user and give them SFTP access to give you a baseline of what I've done so far. – limitlessloop – 2012-03-28T19:33:35.507
Both your assumptions are right. According to a comment in your link (Ryan's), the directory should be owned by the root account but changing the group might be OK. So the group trick might work, I edited my answer above. – Laurent Couvidou – 2012-03-28T20:47:53.747
Hi, thanks. After spending a few hours reading some more articles regarding chroot and trying your suggestions it seems that when you give the group access to the chroot directory SFTP denies the user access to the directory. The error I get in one FTP client is "Could not open channel (Closing all channels)." At one point I thought I had it working but I'm not sure if that was something fishy going on with my FTP client. – limitlessloop – 2012-03-28T23:29:14.243
Reading some more it seems that sshd is quite strict on who it allows access. If it detects permissions from any other user it denies access. https://wiki.archlinux.org/index.php/SFTP-chroot – limitlessloop – 2012-03-28T23:36:11.520
OK, so you need somebody that knows more about that than myself. Maybe this is just not possible with chroot and sftp? I've got an SFTP access to a Gandi simple hosting instance => no way to create files or directories at root. – Laurent Couvidou – 2012-03-29T09:16:31.397
Really appreciate your time though. I know a lot more about chown and chgrp :) Thanks for your help. – limitlessloop – 2012-03-29T09:52:43.147
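The strictness discussed in the comments can be checked before reconnecting. This is an added example, not part of the original thread: it applies the rule documented for sshd's ChrootDirectory option (every component of the path must be a root-owned directory that is not writable by group or others) to a directory such as /home/username. The function names and the `trusted_uid` and `stop_at` parameters are hypothetical, included so the check can also be exercised on a scratch directory without root.

```python
import os
import stat


def component_problem(st_uid, st_mode, trusted_uid=0):
    """Return the reason one path component fails the check, or None if it passes."""
    if not stat.S_ISDIR(st_mode):
        return "not a directory"
    if st_uid != trusted_uid:
        return "owned by uid %d instead of uid %d" % (st_uid, trusted_uid)
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writable by group or others (mode %o)" % stat.S_IMODE(st_mode)
    return None


def audit_chroot(path, trusted_uid=0, stop_at="/"):
    """Check path and each parent up to stop_at; return [(directory, reason), ...].

    Directories below the chroot (public_html, docs) are not examined:
    the rule covers only the chroot directory and its parents.
    """
    current = os.path.abspath(path)
    stop_at = os.path.abspath(stop_at)
    problems = []
    while True:
        st = os.stat(current)  # follows symlinks, like a plain stat() call
        reason = component_problem(st.st_uid, st.st_mode, trusted_uid)
        if reason:
            problems.append((current, reason))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            return problems
        current = parent


if __name__ == "__main__":
    import sys
    # Default is the placeholder path used in the question.
    target = sys.argv[1] if len(sys.argv) > 1 else "/home/username"
    try:
        findings = audit_chroot(target)
    except OSError as exc:
        sys.exit("cannot stat: %s" % exc)
    for directory, reason in findings:
        print("%s: %s" % (directory, reason))
    print("passes the ChrootDirectory rule" if not findings else "fails the ChrootDirectory rule")
```

A chroot directory changed to group-writable mode 775, as tried in the comments, is reported by this check, while a 755 root-owned directory containing a user-owned public_html passes.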