Question

How to give limited SFTP access to a web developer

I really don’t want to install a ftp client. How could I give SFTP access to a developer and have him limited to one directory, i.e. /var/www/htm/temp/

He should have full read and write access to everything above /temp. Ideally, if he tries to log in via ssh it would not allow it. I’ve read several tutorials now and tried different things with chroot, but just can’t seem to get it correct. Thanks for any help!

I’m using the latest Ubuntu LTS version.


I recommend using this method:

http://blog.netgusto.com/solving-web-file-permissions-problem-once-and-for-all/

Mount the /var/www/htm/temp directory into his home directory (using the above method), and do not give his user sudo. (If you have not given him sudo yet, he won't have it by default.)

That way he can ssh in all he wants but won't be able to do much of anything, but will have full access to the /temp directory, and that directory will still be usable by the webserver.

Create a chroot jail to fully isolate him from your system…

Alternatively, set proper permissions on the directories and usermod his user to /sbin/nologin. In addition to that, add the methods/functions you wish to disable in php.ini via disable_functions (exec,shell_exec,popen,system,show_source,passthru,proc_open,phpinfo, etc).

Edit: I missed that you wanted SFTP as well; look into the internal-sftp subsystem of OpenSSH.

Thanks Contex, can you recommend a good tutorial on chroot jail?
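
The chroot plus internal-sftp approach suggested in the answer above, as an added example that is not part of the original thread: it prints an sshd_config Match block and checks the rule sshd enforces on ChrootDirectory (every path component owned by root and not writable by group or others), which is the usual reason a chroot setup refuses logins. The login name `webdev`, the function names and the choice of /var/www/htm as the chroot are assumptions; `stat -c` is the GNU form found on Ubuntu.

```shell
#!/bin/sh
# Added example. "webdev" and the function names are hypothetical.

# Emit the Match block to append to /etc/ssh/sshd_config.
# ForceCommand internal-sftp refuses shell sessions, so plain ssh logins fail.
sshd_match_block() {  # $1 = login, $2 = chroot directory
    cat <<EOF
Match User $1
    ChrootDirectory $2
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# One path component is acceptable when root owns it and neither group
# nor others can write to it (mode bits 022 clear).
component_ok() {  # $1 = owner uid, $2 = octal mode as printed by stat
    [ "$1" = 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk from the chroot directory up to / and report every component that
# sshd would reject. Returns 0 only when the whole path is acceptable.
check_chroot_path() {  # $1 = chroot directory
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1"; return 1; }
    rc=0
    while :; do
        set -- $(stat -c '%u %a' "$p" 2>/dev/null)
        if ! component_ok "$1" "$2"; then
            echo "BAD  $p (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# The chroot itself cannot be writable by the user, so the writable
# directory (here temp/, owned by webdev) has to sit below it.
sshd_match_block webdev /var/www/htm
check_chroot_path "${1:-/}" || echo "fix the components above, then run: sshd -t"
```

Pass the intended chroot directory as the first argument; with none, the script checks `/` only.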