In this tutorial, we create an SFTP user, ee-user, who has access only to example.com.
Create Users
The following commands create a user ee-user who is only allowed to use SFTP inside a chroot environment and cannot log in over SSH, then set that user's password.

    # useradd -G www-data -ms /bin/false ee-user
    # passwd ee-user
Create SFTP Home Directory
Let's create the home directory for user ee-user.

    # mkdir -p /home/ee-user/example.com/htdocs
Setup Permissions
Let us set up permissions for the user ee-user. sshd requires the chroot directory (here /home/ee-user) and each of its parent directories to be owned by root and not writable by group or others.

    # chown ee-user:www-data /home/ee-user/example.com
    # chown root:root /home/ee-user/
    # chown root:root /home/

After executing the above commands, the permissions should look like this:

    # ls -ld /home/
    drwxr-xr-x 5 root root 4096 Oct 24 06:42 /home/
    # ls -ld /home/ee-user/
    drwxr-xr-x 3 root root 4096 Oct 24 06:42 /home/ee-user
    # ls -ld /home/ee-user/example.com
    drwxr-xr-x 2 ee-user www-data 4096 Oct 31 08:49 /home/ee-user/example.com
Setup sftp-server
Open /etc/ssh/sshd_config, replace the existing Subsystem line and add the Match block shown below. The Match block applies to every member of the www-data group.

    # vim /etc/ssh/sshd_config

Changes to make in the file:

    # Find below line
    Subsystem sftp /usr/lib/openssh/sftp-server

    # Replace above line with following line
    Subsystem sftp internal-sftp

    # Add following lines at EOF
    Match group www-data
        X11Forwarding no
        ChrootDirectory %h
        AllowTcpForwarding no
        ForceCommand internal-sftp
Restart ssh service

    # service ssh restart
Setup webroot permissions

    # chmod g+s /var/www/example.com/htdocs/
    # chmod 775 /var/www/example.com/htdocs
Mount webroot in SFTP home directory

    # mount --bind /var/www/example.com/htdocs /home/ee-user/example.com/htdocs

Add the above command to /etc/rc.local so that the bind mount is recreated at boot.

    # vim /etc/rc.local

The file should look like this:

    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.

    mount --bind /var/www/example.com/htdocs /home/ee-user/example.com/htdocs

    exit 0

Save the file and quit (:wq).
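
A pre-flight check for the "Setup Permissions" step: it walks from the chroot directory up to / and flags any component that is not root-owned or is group/other-writable. This is an added example, not part of the original tutorial; the function names component_ok and check_chroot_path are made up here, and it assumes GNU stat (Linux).

```shell
#!/bin/sh
# Added example: verify the ownership/mode rule for ChrootDirectory paths.

# component_ok UID MODE
# Returns 0 when a path component is owned by root (uid 0) and its octal
# mode has no group-write (020) or other-write (002) bit set.
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Checks DIR and every parent directory up to /. Prints one line per
# component; returns 0 if all pass, 1 if any fails, 2 if DIR is missing.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "no such directory: $1" >&2
        return 2
    }
    rc=0
    while :; do
        # GNU stat: %u = owner uid, %a = octal permission bits
        set -- $(stat -c '%u %a' "$dir")
        if component_ok "$1" "$2"; then
            echo "ok   $dir (uid=$1 mode=$2)"
        else
            echo "BAD  $dir (uid=$1 mode=$2)"
            rc=1
        fi
        if [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# When run as a script with an argument, check that directory,
# e.g. the %h of the tutorial's user: /home/ee-user
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Running it against /home/ee-user before restarting ssh shows which directory, if any, still has the wrong owner or mode. /home/ee-user/example.com is deliberately not checked, since it lies inside the chroot and is owned by ee-user.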
Under “Setup webroot permissions” one needs to use the recursive option:
v3: chmod 775 /var/www/example.com/htdocs -R
v4: chmod 775 /opt/easyengine/sites/example.com/app/htdocs -R
For EE4:

    # mount --bind /var/www/example.com/htdocs /home/ee-user/example.com/htdocs

Why doesn't it work? I use /opt/easyengine/sites/example.com/app/htdocs too.
Support related questions are better asked on our community forums (link – https://community.easyengine.io/)