Create an SFTP-only user to transfer files to and from a WordPress installation
So I heard that you want to give a specific user FTP-style access (read + write) to a specific folder inside your WordPress directory (or any folder) without installing an FTP service. SFTP is one way to achieve that. Follow these steps:
Assuming:
- myuser: the user you want to grant access to.
- /var/www/myvhost: the WordPress installation directory.
- /var/www/myvhost/the_shared_folder (or the wp-content folder): the folder inside your WordPress root that you want myuser to have access to.
1. Create myuser with the shared folder as its home directory, and set its password:
$ sudo useradd -d /var/www/myvhost/the_shared_folder myuser
$ sudo passwd myuser
2. Disable shell login for myuser:
$ sudo usermod -s /bin/false myuser
3. Configure ssh:
$ sudo nano /etc/ssh/sshd_config
...
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
...
Match User myuser
    X11Forwarding no
    ChrootDirectory /var/www/myvhost/the_shared_folder
    AllowTcpForwarding no
    PermitTunnel no
    ForceCommand internal-sftp
...
4. Restart the ssh service:
$ sudo service ssh restart
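5. Correct the permissions:
Make myuser the owner of the_shared_folder:
$ sudo chown -R myuser:www-data /var/www/myvhost/the_shared_folder
The parent directory (the vhost) should be owned by the root user and root group. sshd checks at session start that every component of the ChrootDirectory path is a root-owned directory that is not writable by any other user or group, and it refuses the session otherwise. That rule covers the ChrootDirectory itself, so a chroot directory that is owned by myuser or is group-writable is rejected with a "bad ownership or modes for chroot directory" error in sshd's log:
$ sudo chown root:root /var/www/myvhost
Make sure users in the www-data group still have write access:
$ sudo chmod -R g+w /var/www/myvhost/the_shared_folder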
6. Use an FTP client that supports SFTP (like FileZilla) to connect to your server over SFTP as myuser and enjoy.
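A check for the ownership rule that step 5 touches on, as an added example that is not part of the original post: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others. The function names and the optional owner-uid argument (there so the check can be exercised without root) are assumptions, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's ownership rule.
# Assumes GNU stat (stat -c). Function names are illustrative.

# dir_ok DIR [OWNER_UID]: succeeds if DIR is a directory owned by OWNER_UID
# (default 0, root) with neither the group- nor the other-write bit set.
dir_ok() (
    dir=$1
    owner=${2:-0}
    [ -d "$dir" ] || exit 1
    uid=$(stat -L -c '%u' "$dir") || exit 1
    mode=$(stat -L -c '%a' "$dir") || exit 1
    # %a is octal (e.g. 755, 2775); mask 022 = group-write | other-write.
    [ "$uid" = "$owner" ] && [ $(( 0$mode & 022 )) -eq 0 ]
)

# check_chroot_path ABS_PATH [OWNER_UID]: test ABS_PATH and each parent up
# to /, print one line per component, succeed only if all of them pass.
check_chroot_path() (
    path=$1
    owner=${2:-0}
    case $path in
        /*) ;;
        *) echo "error: need an absolute path: $path" >&2; exit 2 ;;
    esac
    rc=0
    while :; do
        if dir_ok "$path" "$owner"; then
            echo "ok   $path"
        else
            echo "BAD  $path ($(stat -L -c 'uid=%u mode=%a' "$path" 2>/dev/null || echo missing))"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    exit "$rc"
)

# Run as: sh check_chroot.sh /var/www/myvhost/the_shared_folder
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it on the server with the ChrootDirectory value from sshd_config; any BAD line is a component sshd will refuse.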