M BUZZ CRAZE NEWS

Granting a sftp user access to a /var/www directory

By Emma Martinez

I've created a user and made his home directory /var/www/mysite/ftpdir

I've also added a Match user entry for this user in sshd_config with a ChrootDirectory that points to /var/www/mysite

I've restarted ssh to pick this up.

When I log in with sftp, the user still goes to the user's old directory, i.e. /home/user

What am I missing?

1

3 Answers

This is the process:

  1. Add the user to the group: sudo usermod -aG www blub as in Whats the simplest way to edit and add files to "/var/www"?

    or just use sudo adduser <username> www-data

  2. Install vsftpd sudo apt-get install vsftpd
  3. Configure vsftpd for remote access: sudo nano /etc/vsftpd.conf and inside the file set

    chroot_local_user=YES

    and ensure this is commented out:

    #chroot_list_enable=YES

    as per documentation.

  4. Restart vsftpd: sudo service vsftpd restart
  5. Configure the user's home directory to the web directory (not in /home):

    sudo usermod -d /var/www/mysite/ftpaccessdir <username>
  6. Configure ssh chroot

    sudo nano /etc/ssh/sshd_config

    add the following to the end:

    Subsystem sftp internal-sftp

    Match user <username>
        ChrootDirectory /var/www/site
        ForceCommand internal-sftp
        AllowTcpForwarding no

    and ensure that further up in the file this is commented out (i.e. before the one you just added):

    #Subsystem sftp /usr/lib/openssh/sftp-server
  7. Restart ssh

    sudo service ssh restart
  8. Change the permissions for apache:

    chown root:root /var/www
    chown root:root /var/www/site
    chmod 755 /var/www

    As in the docs here.

  9. Ensure that your directory has www-data access

    sudo chown -R www-data:www-data /var/www/site
    chmod 755 /var/www/site
6
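sshd refuses a chrooted session when any component of the ChrootDirectory path is not a root-owned directory or is writable by group or others, so the ownership and mode of /var/www and the site directory decide whether the chroot works. The check below is an added example, not part of the answers on this page; the function names are hypothetical and it assumes GNU stat and readlink as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: verify a path against sshd's ChrootDirectory ownership rule.

# component_ok UID MODE
# Succeeds only if the owner is root (uid 0) and the octal mode has no
# group-write or other-write bit set.
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path PATH
# Walks from PATH up to / and reports every component that would make sshd
# reject the chroot. Returns 0 if all components pass, 1 if any fails,
# 2 if the path cannot be resolved.
check_chroot_path() {
    p=$(readlink -f -- "$1") || return 2
    [ -n "$p" ] || return 2
    rc=0
    while :; do
        if [ ! -d "$p" ]; then
            echo "FAIL $p: not a directory"
            rc=1
        else
            # %u = numeric owner, %a = permission bits in octal
            set -- $(stat -c '%u %a' "$p")
            if ! component_ok "$1" "$2"; then
                echo "FAIL $p: uid=$1 mode=$2 (need uid 0, no g/o write)"
                rc=1
            fi
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Run against the path given on the command line,
# e.g. sh check_chroot.sh /var/www/site (script name is a placeholder).
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it after any chown or chmod on the site tree: a recursive chown that includes the chroot directory itself changes its owner and shows up here as a FAIL line.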

I've a simple method and that worked for me for apache.

sudo useradd -d /var/www demo_user -g www-data
sudo passwd demo_user
sudo service ssh restart

That's it. In case you still face a permission issue, use chmod and chown to address it according to your needs.

If you are getting a connection refused error at the end, then make sure that "Subsystem sftp internal-sftp" is placed after "UsePAM yes". If not, then update it and restart ssh, and it worked.
