I run a server (Ubuntu 18.04) that hosts about a dozen websites using Linode. Most of the sites are run using WordPress and are my own or sites I manage for friends or family. I do, however, host one for a colleague who actively develops online content for that site.

As WordPress has developed, the ability to upload various file types has slowly been removed for security reasons. As a result, for certain types of files, it is now required to upload them using a different approach. I can do so using SSH, but GUI FTP/SFTP software was going to be easier in this situation as the person responsible for managing that site doesn’t have a lot of knowledge managing a website. I explained to this person, we’ll call her Sharon, that it would be possible for her to upload these files herself using FTP/SFTP. She was worried as she doesn’t know what that is or how to use it. But I explained it and, hopefully, she’ll grow more comfortable with it. However, I don’t want a novice to gain access to all the files on my server. So, I was faced with the question of how to set up an FTP/SFTP account for someone that is restricted to just one folder – a folder where she can upload stuff and delete files, but with no access to anything else.

First, you should create a new user group on your server. This can be done with the following command:

This will add a new user group called GROUPNAME (I called mine “ftpusers”). If this individual isn’t currently a user on your server, add them as a user as well:

Replace “USER” with whatever name you’re using for this individual; for me it was “sharon.” You’ll need to create a password for your USER and fill in some additional information. Then add your USER to your GROUPNAME with the following command:

So, you have now created a new group and a new user and added the new user to the new group. Of course, the next step is to restrict what your new USER can do. In particular, we want the user to have access to just a single directory. You can create a directory the user can use. This folder can be anywhere on your server. I put mine in a subfolder on their WordPress installation:

sudo mkdir -p /var/web/DOMAIN/public/wp-content/uploads/NEWFOLDER

Now, we need to tell the server to restrict USER to this NEWFOLDER when they log in. First, let’s give ownership of that folder to the user with the chown command:

sudo chown USER:GROUPNAME /var/sftp/NEWFOLDER

We should also make sure the permissions for the new folder are what we want them to be – read/write for the user and group:

If you navigate to that folder and check the settings, you should see that the owner is now the USER and the GROUPNAME (you can check with “ls -l”). It’s not a bad idea to also check to make sure that the folder above it is owned by “root” or your primary user, which will prevent your new USER from being able to make changes to that folder.

So far, we have a new USER and GROUPNAME and the user has a folder they can access. However, we need to tell the server that the user needs SFTP access and then need to force them to go to just that one folder when they log in with SFTP. To grant them SFTP access, you need to change the SSH settings:

This will open the file “sshd_config” with a text editor (nano) so you can make changes. At the end of the file, you want to add the following text:

This allows users in the group GROUPNAME SFTP access to the folder you created for them.

Before you close the nano session with “sshd_config”, you may have to change one other setting.

Subsystem sftp /usr/lib/openssh/sftp-server

Mine was not commented out, so that setting was active. However, given the settings we just added to the file, we need to change that.

#Subsystem sftp /usr/lib/openssh/sftp-server

I’m guessing that the original line specified a location for the sftp-server to be used by the server but we want the server to determine the best location for the sftp-server it is going to use and that’s what the second line does.
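The sshd_config changes this post describes can be checked before restarting SSH. The script below is an added example, not the author's own code: it audits a config file for a group-restricted SFTP jail. It assumes the replacement subsystem line is the standard `Subsystem sftp internal-sftp` and that the jail uses the standard OpenSSH `Match Group`, `ChrootDirectory` and `ForceCommand` directives; the function names and both sample configs are constructed for illustration.

```shell
# Usage: audit_sftp_jail CONFIG_FILE GROUPNAME
# Prints findings; returns 0 only when the jail settings are all present.
audit_sftp_jail() {
    awk -v grp="$2" '
        { sub(/#.*/, "") }                  # strip comments such as "#Subsystem ..."
        NF == 0 { next }
        { key = tolower($1) }               # sshd keywords are case-insensitive
        key == "match" {                    # simplification: one literal group name
            inblk = (tolower($2) == "group" && $3 == grp)
            if (inblk) seen = 1
            next
        }
        !inblk && key == "subsystem" && $2 == "sftp" { subsys = $3 }
        inblk && key == "chrootdirectory"    { jail  = $2 }
        inblk && key == "forcecommand"       { force = $2 }
        inblk && key == "allowtcpforwarding" { fwd   = tolower($2) }
        END {
            # The external sftp-server binary is not present inside the chroot,
            # so the in-process internal-sftp is needed.
            if (subsys != "internal-sftp") { print "FAIL: Subsystem sftp is not internal-sftp"; bad = 1 }
            if (!seen)                     { print "FAIL: no Match Group " grp " block"; bad = 1 }
            if (jail == "")                { print "FAIL: no ChrootDirectory in the block"; bad = 1 }
            if (force != "internal-sftp")  { print "FAIL: no ForceCommand internal-sftp (shell login possible)"; bad = 1 }
            if (fwd != "no")               { print "WARN: AllowTcpForwarding not disabled" }
            exit bad + 0
        }' "$1"
}

# Constructed sample: stock Subsystem line still active, no ForceCommand.
write_weak_config() {
    cat > "$1" <<'EOF'
Subsystem sftp /usr/lib/openssh/sftp-server
Match Group ftpusers
    ChrootDirectory /var/sftp
EOF
}

# Constructed sample: the hardened form of the same file.
write_hardened_config() {
    cat > "$1" <<'EOF'
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group ftpusers
    ChrootDirectory /var/sftp
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF
}
```

sshd also refuses the login unless the ChrootDirectory path and every directory above it are owned by root and not writable by group or others, so the user-writable folder has to sit one level below the jail root. Running `sudo sshd -t` checks the edited file for syntax errors before the service is restarted.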