I have huge problems creating a new SFTP user for our theme support

@2digit

Setting up SFTP isn’t all that difficult, though when it comes to SFTP, the base folder must be owned by root, thus setting up SFTP on a specific directory wouldn’t be possible as the point is to prevent users from being able to escape (in theory).

So if your home directory (for example) is:

/home/myuser/public_html

… and your themes directory is:

/home/myuser/public_html/wp-includes/themes

Then you won’t be able to setup SFTP on ./themes as ./wp-includes isn’t owned by root and you really don’t want it to be.

The way SFTP works, with the default modifications we’d normally make to SSH’s configuration is that the users defined home directory is owned by root and directories below it are owned by the user.

For example, if we create a home directory for a new user:

mkdir -p /home/newuser

… create a few directories below it:

mkdir -p /home/newuser/{public,private,logs}

Resulting in:

/home/newuser/public
/home/newuser/private
/home/newuser/logs

Then we add a new user and specify the home directory:

useradd -d /home/newuser newuser

The directory /home/newuser needs to be owned by root, else you won’t be able to login. The other directories we created can be owned by newuser and they should, but if that one directory isn’t owned by the root user, login will fail.

The only way around this would be to create an SFTP user on another directory and then sync the two using rsync or lsyncd, but that adds a little more complexity to something that should be simple.