Proper procedure - sftp access to www folder - To be able to upload files

0

My www folder is root:root. What should it be? My site works perfectly but maybe I am doing something wrong.

My nginx.conf says user is 'nginx'. Should I be changing the www ownership and group to that or something else?

Mainly I want to be able to sftp into the www folder using FileZilla. Preferably only allow access to the www folder. I want to be able to upload the website files but I just don't know the proper procedure.

I have tried changing owners and groups but I get worried some part of the stack will not like it. For example does nginx play along, and php?

I thought about having a sftp group or even an sftp user. But I don't want to go down a path that should be avoided.

What should I be doing with my setup?

Edit:

I should have been more clear. It is CentOS running on a VPS.

My question about the SFTP relates to the permissions - I wanted to login through FileZilla and drag over a few html files into the web directory of one of the sites.

But of course I don't have the proper permissions and I wanted to know what is the best way to approach permissions - A learning exercise mostly.

I want it to be secure and for example might only want the sftp user to be able to see one particular web directory. But I am new to a lot of linux and the permissions, owners and groups are a challenge.

Jay

Posted 2013-11-02T03:21:27.817

Reputation: 11

Can you be a little more clear? "What should I be doing with my setup" is rather vague. We can definitely help with specific questions, but this isn't a plain answer, this is a whole situation – PsychoData – 2013-11-02T05:26:52.640

I would really just like to know what others do with their permissions. From research I can see a lot recommend having a group that has permissions to read, write etc and then add users to that group as necessary. – Jay – 2013-11-02T13:40:22.730

Answers

0

Make sure you have OpenSSH installed and running.
chkconfig sshd on

Start the service manually, or check status
/etc/init.d/sshd status
/etc/init.d/sshd start

Edit: /etc/ssh/sshd_config
Make sure this is included;

...
    # CentOS installs sftp-server under /usr/libexec, not /usr/lib
    Subsystem sftp /usr/libexec/openssh/sftp-server
... 

Add the following lines for each user|group you would like to include

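Match User fooba
    # Jail the user; every component of this path must be root-owned
    ChrootDirectory /home
    AllowTCPForwarding no
    X11Forwarding no
    # Use the in-process SFTP server: an external sftp-server binary
    # is not reachable from inside the chroot
    ForceCommand internal-sftp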

Be sure to set the following directives;

PermitRootLogin no  
AllowUsers fooba 

Now restart ssh;
/etc/init.d/sshd restart

As for user access controls and directory permissions, I suggest reading this post if you are not already familiar.

And finally, this post which does a really good job explaining a more specific scenario like yours.

jredd

Posted 2013-11-02T03:21:27.817

Reputation: 776
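
sshd only accepts a ChrootDirectory whose every path component is owned by root and is not writable by group or others, which is why a root:root www folder can serve as the jail while uploads go into a subdirectory owned by the SFTP user. The script below is an added example, not part of the answer above; the function names are hypothetical and it assumes GNU stat as shipped on CentOS.

```shell
#!/bin/sh
# Added example: audit a directory before using it as an sshd ChrootDirectory.
# Function names are hypothetical; stat -c is the GNU coreutils form.
# Usage after sourcing (path is a placeholder): check_chroot_path /path/to/www

# perms_ok UID MODE
# Returns 0 if a path component with this owner uid and octal mode is
# acceptable to sshd: owned by root, no group-write or other-write bit.
perms_ok() {
    uid=$1
    mode=$2
    [ "$uid" -eq 0 ] || return 1
    # 022 masks the group-write and other-write bits
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks DIR and each parent up to /, printing one line per component.
# Returns 0 if all are acceptable, 1 if any is not, 2 if DIR is unusable.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2
        return 2
    }
    rc=0
    while :; do
        # Split "uid mode" into $1 and $2
        set -- $(stat -c '%u %a' "$dir")
        if perms_ok "$1" "$2"; then
            echo "ok   uid=$1 mode=$2 $dir"
        else
            echo "BAD  uid=$1 mode=$2 $dir"
            rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}
```

Any line marked BAD is a component sshd will reject at login; fix it with chown root and chmod go-w on that directory rather than loosening the jail.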

Thanks for the reply. I should have been more clear. It is CentOS running on a VPS. My question about the SFTP relates to the permissions - I wanted to login through FileZilla and drag over a few html files into the web directory of one of the sites. But of course I don't have the proper permissions and I wanted to know what is the best way to approach permissions - A learning exercise mostly. I want it to be secure and for example might only want the sftp user to be able to see one particular web directory. But I am new to a lot of linux and the permissions, owners and groups are a challenge. – Jay – 2013-11-02T13:45:59.880

edit this into your main question @Jay – PsychoData – 2013-11-02T16:53:52.047