Permissions on /var/www/{multiple domain} for uploading web site files via SFTP

Posted on August 23, 2018

Hi

I have installed Apache successfully on Ubuntu 16.04 and configured it for multiple domains. It works fine. Now I want to give one user upload access via SFTP for 2 domains, and restrict that user from accessing the rest of the domains.

Example folder structure: /var/www/a.com /var/www/b.com /var/www/c.com /var/www/d.com /var/www/e.com

I am planning to give permission for the b.com and c.com domains to one user.




You can chroot jail the user to their home folder, i.e. /home/bob, and put a public_html folder in their home folder. This prevents them from seeing anything else on the system.

Wayne Sallee Wayne@WayneSallee.com


To allow a user to upload files via SFTP for b.com and c.com while restricting access to the other domains, follow these steps:

1. Create the User

First, create the user that will have access to the specific domains. In this example, we’ll call the user sftpuser.

sudo adduser sftpuser

2. Set Directory Ownership and Permissions

Change the ownership of the b.com and c.com directories to the new sftpuser, ensuring they have write access to these directories but not to others.

sudo chown -R sftpuser:sftpuser /var/www/b.com
sudo chown -R sftpuser:sftpuser /var/www/c.com

For the other domains (a.com, d.com, e.com), make sure the user doesn’t have access by ensuring they’re owned by another user (e.g., www-data), and set proper permissions:

sudo chown -R www-data:www-data /var/www/a.com
sudo chown -R www-data:www-data /var/www/d.com
sudo chown -R www-data:www-data /var/www/e.com
sudo chmod -R 755 /var/www/a.com /var/www/d.com /var/www/e.com

3. Restrict SFTP Access in sshd_config

Next, restrict the user to only SFTP access and jail them to /var/www. Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Add or modify the following lines at the end of the file:

Match User sftpuser
    ChrootDirectory /var/www
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

This will restrict sftpuser to the /var/www directory.

4. Set Permissions for Chroot

The Chroot directory (/var/www) must be owned by root and not writable by any other user. Run the following commands to set the correct permissions:

sudo chown root:root /var/www
sudo chmod 755 /var/www

If you don’t want the user to see or navigate to the other domains, you can create symbolic links in the user’s home directory, pointing to the b.com and c.com directories.

sudo mkdir /home/sftpuser/domains
sudo ln -s /var/www/b.com /home/sftpuser/domains/b.com
sudo ln -s /var/www/c.com /home/sftpuser/domains/c.com

Then, change the home directory in sshd_config:

Match User sftpuser
    ChrootDirectory /home/sftpuser
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

Ensure /home/sftpuser is owned by root and /home/sftpuser/domains has appropriate permissions:

sudo chown root:root /home/sftpuser
sudo chmod 755 /home/sftpuser
sudo chown -R sftpuser:sftpuser /home/sftpuser/domains

5. Restart SSH

Finally, restart the SSH service to apply the changes:

sudo systemctl restart ssh
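A worked version of the chroot layout, added here as an example and not part of either answer above. Two practitioner caveats drove its shape. First, symbolic links do not survive a chroot: once sshd has chrooted the session into /home/sftpuser, the kernel resolves the link target /var/www/b.com relative to that root, where the path does not exist, so the example uses bind mounts instead. Second, with ChrootDirectory /var/www and the other vhosts at mode 755, sftpuser can still list and read a.com, d.com and e.com (chmod 750 with owner www-data would close that while Apache, which runs as www-data, keeps reading); mounting only b.com and c.com into a per-user chroot avoids the question entirely. The user name sftpuser, the vhost names and the /home/sftpuser/domains layout are assumptions carried over from the answer; the script validates sshd_config with `sshd -t` before restarting, because a bad Match block locks out every SSH login.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): give one SFTP-only user write
# access to two vhost directories under /var/www, using bind mounts into a
# root-owned chroot. Assumed names: user "sftpuser", vhosts b.com and c.com.
set -euo pipefail

SFTP_USER="${SFTP_USER:-sftpuser}"   # assumed user name
CHROOT="/home/$SFTP_USER"            # sshd requires this to be root-owned and not group/other writable
DOMAINS=(b.com c.com)                # the only vhosts this user may write to

# Print the sshd_config Match block that pins the user to SFTP inside the chroot.
sftp_match_block() {
  local user="$1" chroot="$2"
  cat <<EOF
Match User $user
    ChrootDirectory $chroot
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
EOF
}

# Print /etc/fstab lines that bind-mount each vhost into <chroot>/domains/<vhost>.
# Symlinks would not work here: inside the chroot, the kernel resolves the link
# target /var/www/<vhost> relative to the chroot root, where it does not exist.
bind_mount_lines() {
  local chroot="$1" d
  shift
  for d in "$@"; do
    printf '/var/www/%s %s/domains/%s none bind 0 0\n' "$d" "$chroot" "$d"
  done
}

# Return 0 if an octal mode is acceptable for a ChrootDirectory: no group or other write bit.
mode_is_safe() {
  local mode="$1"
  local grp=$(( (8#$mode >> 3) & 7 )) oth=$(( 8#$mode & 7 ))
  (( (grp & 2) == 0 && (oth & 2) == 0 ))
}

# Return 0 if <dir> satisfies sshd's ChrootDirectory rules (root-owned, safe mode);
# otherwise sshd rejects the login with "bad ownership or modes for chroot directory".
chroot_dir_ok() {
  local dir="$1" uid mode
  uid=$(stat -c '%u' "$dir" 2>/dev/null) || return 1
  mode=$(stat -c '%a' "$dir")
  [ "$uid" -eq 0 ] && mode_is_safe "$mode"
}

# Apply the layout on the server (needs root). The other vhosts are never
# visible to the user because nothing mounts them into the chroot.
apply_setup() {
  local d
  id "$SFTP_USER" >/dev/null 2>&1 || adduser --disabled-password --gecos '' "$SFTP_USER"
  chown root:root "$CHROOT" && chmod 755 "$CHROOT"
  for d in "${DOMAINS[@]}"; do
    mkdir -p "$CHROOT/domains/$d"
    chown -R "$SFTP_USER:$SFTP_USER" "/var/www/$d"
    mountpoint -q "$CHROOT/domains/$d" || mount --bind "/var/www/$d" "$CHROOT/domains/$d"
  done
  # Persist the mounts and the Match block without duplicating them on re-runs.
  grep -q "$CHROOT/domains/" /etc/fstab || bind_mount_lines "$CHROOT" "${DOMAINS[@]}" >> /etc/fstab
  grep -q "^Match User $SFTP_USER\$" /etc/ssh/sshd_config || sftp_match_block "$SFTP_USER" "$CHROOT" >> /etc/ssh/sshd_config
  chroot_dir_ok "$CHROOT"            # fail loudly before touching the running sshd
  sshd -t && systemctl restart ssh   # a broken sshd_config would lock out every SSH login
}

if [ "${1:-}" = apply ]; then
  apply_setup
else
  # Dry run: show what would be appended, and whether the chroot is already valid.
  sftp_match_block "$SFTP_USER" "$CHROOT"
  bind_mount_lines "$CHROOT" "${DOMAINS[@]}"
  chroot_dir_ok "$CHROOT" && echo "$CHROOT: ok" || echo "$CHROOT: not yet a valid chroot"
fi
```

Run it without arguments to see the Match block and fstab lines it would add and whether /home/sftpuser already passes sshd's ownership check; run `sudo ./setup-sftp.sh apply` on the server to create the user, mount b.com and c.com into the chroot, and restart sshd only after `sshd -t` accepts the new configuration. Files the user uploads keep whatever mode their umask gives them, so check that Apache (www-data) can still read them after the first upload.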
