I have a VPS running Ubuntu Server 14.04.
Here's a selection of my directory structure:
/
    home/
        my_user/
    var/
        www/
            wp-content/
                themes/
                    my-theme/
                    my-theme-child/
Permissions for the directories are 755 and files are 644.
Say I hire a developer, my_user, to work on a theme for me. I want them to be able to do anything they want to their home folder. I also want them to be able to read my-theme and read and write my-theme-child, but nothing more. They shouldn't even be able to see the directory structure of any other part of the server.
I've done some reading and I think a chroot jail would work nicely to keep my developer in their home directory, but I can't figure out how to give them access to my-theme and my-theme-child in addition to their current access.
How can I achieve this?
The lack of rich application-layer access control in SSH/SCP/SFTP is one of the biggest shames of the protocol, imho. – gowenfawr – 2015-03-19T16:10:25.760
You should create a group for the people working in the theme and then assign it for the folders with the right permissions. Remember, the user may try to access the folders manually if you don't restrict the access. – Fg4spr – 2015-03-19T16:35:30.710
@gowenfawr That's more an issue with the widely-used OpenSSH SFTP server program. There are commercial SFTP servers which give more control over what can be accessed remotely. – Kenster – 2015-03-19T21:02:02.287
@Kenster great point - my criticism would be more properly worded "...of the de facto implementation" rather than "of the protocol". – gowenfawr – 2015-03-19T21:05:50.543
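
The group approach suggested in the comments, as an added example that is not part of the original thread: it gives a group write access to my-theme-child only, then lists what the 755/644 modes from the question still leave readable to every local account. The group name themedev and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: names below (themedev, function names) are hypothetical.

# grant_child_write THEMES_DIR GROUP
# Hand both theme directories to GROUP. my-theme keeps the 755/644 modes from
# the question (group can read, not write); my-theme-child becomes group-writable.
grant_child_write() {
    themes_dir=$1
    group=$2
    chgrp -R "$group" "$themes_dir/my-theme" "$themes_dir/my-theme-child" || return 1
    # setgid (the leading 2) makes files created later inherit GROUP.
    find "$themes_dir/my-theme-child" -type d -exec chmod 2775 {} + || return 1
    find "$themes_dir/my-theme-child" -type f -exec chmod 664 {} + || return 1
}

# world_readable_outside ROOT THEMES_DIR
# Print every path under ROOT, other than the two theme directories, that any
# local account can still read because the "other" read bit is set.
world_readable_outside() {
    root=$1
    themes_dir=$2
    find "$root" \( -path "$themes_dir/my-theme" \
                 -o -path "$themes_dir/my-theme-child" \) -prune \
         -o -perm -004 -print
}

# Typical use, as root, on the layout from the question:
#   groupadd themedev && usermod -aG themedev my_user
#   grant_child_write /var/www/wp-content/themes themedev
#   world_readable_outside /var/www /var/www/wp-content/themes
```

Any path the second function prints is still visible to the developer account, so group ownership alone covers the read/write split but not the "nothing more" requirement.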