Jail new user to specified folder SFTP access, disable SSH, give permission to edit www-data files, install WordPress.

Hi guys, as the title says, I want to give a new user SFTP access to a folder so he/she can install WordPress alone without root and without SSH access, and be able to edit www-data files. I also want him to be jailed only in the folder that I will specify so he can't snoop around my server.

I tried so many tutorials from Google, but in the end the user can't edit files created by WordPress itself or WordPress can't install plugins. When I set the files to be owned by the user, WordPress can't install plugins; if I make www-data own the files, the user can't edit them. I'm going nuts here. If someone has a step-by-step tutorial on what I should do, please help me.

Here is my sshd.config file:

Match User user1
    AllowTcpForwarding no
    X11Forwarding no
    ChrootDirectory %h
    ForceCommand internal-sftp

My Apache setup for the new subdomain is working.

Thanks in advance, guys.



I forgot to mention that I use apache2, and from a whole day of testing I found out that I can edit the files in FileZilla, but through WinSCP I get (Upload of file … was successful, but error occurred while setting the permissions and/or timestamp). What is that? I thought that WinSCP is best for this kind of thing. How can I implement your comment in apache2?

Hi @titanium

I would probably recommend that instead of running the site as www-data, you run the site as that user.

That way, user1 has full control over their home directory - only accessible through SFTP, since you’ve added the ForceCommand internal-sftp. Then you set up Nginx to point to user1's home directory - and set up the PHP-FPM pool to run as UID user1 and GID user1.
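
An added example, not part of the thread: a Python check for the layout discussed above, covering both the `ChrootDirectory %h` jail from the question and the switch to running PHP as user1. It assumes the rule documented in sshd_config(5) that every component of the chroot path must be a root-owned directory not writable by group or others (so the site files sit in a user-owned subdirectory, here a hypothetical `public_html`), and it lists files under the web root still owned by another account such as www-data.

```python
import os
import stat
from pathlib import PurePosixPath


def chroot_problems(path, stat_fn=os.stat):
    """Return the reasons sshd would reject `path` as a ChrootDirectory.

    Per sshd_config(5), every component from "/" down to the chroot must be
    a root-owned directory that is not group- or world-writable.
    stat_fn is injectable so the rule can be exercised without root.
    """
    p = PurePosixPath(path)
    problems = []
    for part in [*reversed(p.parents), p]:  # "/", then each deeper prefix
        st = stat_fn(str(part))
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{part}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{part}: owned by uid {st.st_uid}, not root")
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{part}: group/world writable ({mode:o})")
    return problems


def foreign_files(webroot, uid):
    """List entries under webroot whose owner is not `uid`, e.g. files that
    WordPress created as www-data before PHP was switched to the site user."""
    found = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.lstat(full).st_uid != uid:  # lstat: do not follow symlinks
                found.append(full)
    return sorted(found)


if __name__ == "__main__":
    import pwd
    import sys

    # Usage (names are assumptions): check_jail.py user1 public_html
    user, webdir = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    for line in chroot_problems(pw.pw_dir):
        print("chroot:", line)
    for path in foreign_files(os.path.join(pw.pw_dir, webdir), pw.pw_uid):
        print(f"not owned by {user}:", path)
```

Any path the second check reports is one that user1 cannot modify over SFTP until its ownership is changed to user1.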