I want to restrict my newly created user. Only the /home/user section can be accessed. How can I do that?
I found the answer. For those seeking the same:

Create a new group

```
sudo addgroup exchangefiles
```

Create the chroot directory

```
sudo mkdir /var/www/GroupFolder/
sudo chmod g+rx /var/www/GroupFolder/
```

Create the group-writable directory

```
sudo mkdir -p /var/www/GroupFolder/files/
sudo chmod g+rwx /var/www/GroupFolder/files/
```

Give them both to the new group

```
sudo chgrp -R exchangefiles /var/www/GroupFolder/
```

After that I went to /etc/ssh/sshd_config and added at the end of the file:

```
Match Group exchangefiles
# Force the connection to use SFTP and chroot to the required directory.
# Disable tunneling, authentication agent, TCP and X11 forwarding.
```

Now I'm going to add a new user named obama to my group

```
sudo adduser --ingroup exchangefiles obama
```

Now everything is completely finished; we need one command to restart SSH again

```
sudo service ssh restart
```

Notice: the user now can't do anything outside the file directory; I mean all his files must be in the file folder.
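The answer's `Match Group` block reached this page with only its two comments, so the following is an added example (not the poster's file) that spells out directives matching those comments and audits a config for them. The directive values, `SAMPLE_CONFIG` and `audit_match_group` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_CONFIG is constructed: its directive values are assumed
# from the two comments in the answer, not copied from the poster's file.
SAMPLE_CONFIG='
X11Forwarding yes

Match Group exchangefiles
    # Force the connection to use SFTP and chroot to the required directory.
    ForceCommand internal-sftp
    ChrootDirectory /var/www/GroupFolder
    # Disable tunneling, authentication agent, TCP and X11 forwarding.
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
'

# audit_match_group CONFIG_TEXT GROUP
# Prints "MISSING <keyword>" for every required setting that the
# "Match Group GROUP" block lacks or sets to another value; returns 0 only
# when nothing is missing. Handles a single group name per Match line.
audit_match_group() {
    printf '%s\n' "$1" | awk -v group="$2" '
        BEGIN {
            want["forcecommand"]         = "internal-sftp"
            want["chrootdirectory"]      = ""   # any path accepted
            want["permittunnel"]         = "no"
            want["allowagentforwarding"] = "no"
            want["allowtcpforwarding"]   = "no"
            want["x11forwarding"]        = "no"
        }
        NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
        {
            key = tolower($1)                   # sshd keywords are case-insensitive
            if (key == "match") {               # each Match line starts a new block
                inblock = (tolower($2) == "group" && $3 == group)
                next
            }
            if (inblock && (key in want) &&
                (want[key] == "" || tolower($2) == want[key]))
                seen[key] = 1
        }
        END {
            for (k in want) if (!(k in seen)) { print "MISSING " k; bad = 1 }
            exit bad + 0
        }'
}

audit_match_group "$SAMPLE_CONFIG" exchangefiles && echo "exchangefiles block: OK"
```

sshd refuses a `ChrootDirectory` unless every component of the path is owned by root and not writable by group or others; the answer's `chmod g+rx` on `/var/www/GroupFolder/` keeps within that. Running `sudo sshd -t` before the restart catches syntax errors in the edited file.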
Use permission 700 and make sure the folder owner is correct.
This is not the answer to the problem. example user will only be able to read the /home/example folder. Must not access the /
I have seen a good few replies on the forum that have a similar problem. They stem from WordPress installs and nginx in the scenarios I have seen, but it's not limited to them and I wanted to learn the best way to move forwards. The tutorials talk about creating a user with sudo that isn't root, and here is my confusion.
When I created a droplet a username got created (dave) that I am thinking has sudo credentials. Is this the same as what the tutorial is speaking about? [Here is an example tut](https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-16-04)

```
chown -R www-data:www-data domain.com/
chown -R $USER:$USER domain.com/
```

And so for a website to be able to run scripts like PHP, WordPress needs to be like the first case, otherwise we get a 403 and issues...
Also note that I am running a multisite folder.
www-data:www-data does work and seems to be the solution (often touted), but for a multisite setup it isn't ideal, as each website should have a user, I feel?
Thanks for secure insight into what's the best practice.
First, I'd like to thank DigitalOcean for their no-nonsense, straight-to-the-point tutorials on how to set up everything about VPS Linux, to get someone with no experience like me to get my site up and running.
Also, I do not have a DigitalOcean Droplet yet, as I learned about this site trying to manage a VPS from another provider, so I hope someone can also help me with my question.
As per all tutorials here, I set up a vhost for a domain by creating a folder in /var/ww/USER/public_html. This works just fine.
Also from a tutorial here, I set up VSFTPD, and I added an ftp folder to /home/USER/ftp. This works as well. However, as an ftp user I have no access to my public_html folder. After upload, I have to use the command line to move files from the ftp folder to my public_html.
Wouldn't it be much easier to create public_html and ftp folders under the /home/USER account?
I come from shared hosting plans; looking at the structure of my folder, I noticed this is how they created all my folders when I joined.
Can anyone tell me what the benefit of going in this direction is, and whether doing this would allow the ftp user access to public_html for file management?
Thank you so much.
For some reason, I got locked out of SSH access, and this is not at my droplet's, I have tried everything, and I am sure this is a firewall block at DO's level.
Here's what I tried:
* I tried to SSH to my droplet, takes forever then closes connection.
* I tried to SSH from a different computer on the same network, it's not working.
* I tried to SSH from same computer on different network, it's not working.
* I tried to SSH to a server (outside DO) then from this server tried to SSH to my droplet, it works.
* I tried to restore a snapshot that I had where everything was working, and then SSH again from my computer, not working.
* I purchased another droplet with a completely different IP and access of course, and tried to SSH from my computer, it's not working!
* ping to any droplet, it's not working.
* website access in browser, working.
I think I'm being blocked at some level. I've created a support ticket, but DO's tech team says they don't have such firewalls enabled.
Anyone had a similar experience? I'd appreciate the help.
I've noticed that I have a lot of sleeping MySQL processes. I tried killing them one by one but there are too many to do so. Does anyone know if there is an easier way to kill all sleeping processes at once?