6

I'm trying to give a client SFTP access to the root directory of their site on my server (Ubuntu 10.10) so they can manage their website themselves.

While I have been successful in jailing a user to a directory and giving them SFTP access, they are only allowed to create and delete new files in subdirectories (the directories they own). This means that I must give them access to the parent directory to the root of their site.

So far I have followed the instructions in this tutorial as follows:

addgroup filetransfer
usermod -G filetransfer username
chown root:root /home/username
chmod 755 /home/username
cd /home/username
mkdir docs public_html
chown username:username *

How can I limit them to the root of their site (for example public_html) while still allowing them the ability to create and delete files? All the tutorials I have read suggest that the root must be the owner of the user's home directory, which prevents them from write access inside that directory.

I'm relatively new to managing my own server so I would be very grateful for any advice.

Many thanks.

2 Answers

1

You should tell us exactly what you've done to achieve this. If you're not already, you should probably try to use chroot (advice here: http://www.unixwiz.net/techtips/chroot-practices.html).

For your specific problem, you need to provide your users with write permission on their root folder. Either set them as owners and make sure write permission is set. I'm not sure why this would be such a bad idea:

# chown someuser /user/root/folder
# chmod u+w /user/root/folder

Or if you want to keep root as the owner, you could do it with a group:

# addgroup somegroup
# adduser someuser somegroup
# chgrp somegroup /user/root/folder
# chmod g+w /user/root/folder

EDIT

As comments mention in the provided link, it appears that root has to be the owner of the concerned directory for chroot to work correctly. But nothing seems to prevent changing the group. So, following this tutorial's naming, this could do the trick:

# chown root:filetransfer /home/username
# chmod 775 /home/username

Notice how the permissions are now 775 and not 755; this gives write permission to all users belonging to the filetransfer group.

EDIT 2

No, that's not enough. Maybe this is just not feasible.
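
The 775 attempt above fails because OpenSSH's sshd refuses a ChrootDirectory unless every component of its path is a root-owned directory that is not writable by group or others, so write access has to come from a user-owned subdirectory such as public_html. The script below is an added example, not part of the original answer; the function names `check_dir` and `check_chroot_path` are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```sh
#!/bin/sh
# Added example: audit directories against sshd's ChrootDirectory rule.
# Uses GNU stat (coreutils), as shipped on Ubuntu.

# check_dir DIR [OWNER_UID]: succeed only if DIR is a directory owned by
# OWNER_UID (default 0, root) and not writable by group or others.
check_dir() {
    local dir="$1" want_uid="${2:-0}" uid mode
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    uid=$(stat -c %u -- "$dir")
    mode=$(stat -c %a -- "$dir")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $uid, expected $want_uid"; return 1
    fi
    # 022 masks the group-write and other-write permission bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or world-writable"; return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot_path ABS_PATH [OWNER_UID]: apply check_dir to the chroot
# directory and to every parent up to /, as sshd does.
check_chroot_path() {
    local path="$1" want_uid="${2:-0}" rc=0
    case "$path" in /*) ;; *) echo "need an absolute path"; return 2 ;; esac
    while :; do
        check_dir "$path" "$want_uid" || rc=1
        [ "$path" = "/" ] && break
        path=$(dirname -- "$path")
    done
    return "$rc"
}

# Constructed demo: a temp directory stands in for /home/username, and the
# current uid stands in for root so the demo runs unprivileged.
demo() {
    local jail me
    jail=$(mktemp -d) && me=$(id -u)
    chmod 755 "$jail"; check_dir "$jail" "$me"            # accepted
    chmod 775 "$jail"; check_dir "$jail" "$me" || true    # rejected: g+w
    rm -rf "$jail"
}
demo
```

On a real server, run `check_chroot_path /home/username` with no second argument so that the expected owner is root.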

0

For an Ubuntu system:

I used this command with these arguments:

sudo useradd -d /home/node -m node

And then I tested it with this username and sftp into ssh - I was successfully jailing this username, and a bin/shell skeleton is given to that username but with limited function.

This is the most simple and best solution that I came across just a few nights ago.

Faron
  • 497