To help narrow this down I think it’s something in Linux that’s the issue. As when I installed the plugin ssh sftp support everything is working beautifully. Ideally I wouldn’t need this though :)

@danfoote104227

If you’ve created a new user:group and changed the ownership of all files and directories to the newly created user, then set all directories with a CHMOD 0755 and files with a CHMOD of 0644, you really shouldn’t need a more complex setup. When a user owns the files and directories, it should be able to access them as needed without the use of a plugin or SSH keys.

i.e.

sudo useradd -d /var/www/html exampleuser \
&& chown -R exampleuser:exampleuser /var/www/html

Running the following command will recursively change all directories to CHMOD 0755:

find /var/www/html -type d -exec chmod 755 {} \;

Then, we’ll handle files by setting the CHMOD to 0644

find /var/www/html -type f -exec chmod 644 {} \;

Using plugins and setting SSH keys for SFTP uploads seems to be overkill and the above is a far more simple solution that I’ve used in the past without any issues.

@danfoote104227

From a security standpoint, each user should always have their own account.

What you’re talking about is changing the user that PHP-FPM runs as, and yes, you can and should do that. You’ll want to look in:

/etc/php/7.1/fpm/pool.d/

By default, there’s only a single file in that directory and that’s www.conf which uses www-data as the default user. To setup a PHP-FPM instance for each user, you’d simply copy that file to a new one and change the configuration within it.

For example, let’s say we have user1, user2, user3. In the above directory, create:

user1.conf
user2.conf
user3.con

by simply copying the existing www.conf to a new file. The command below creates the 3 new files we need for this example.

cp /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/user1.conf \
&& cp /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/user2.conf
&& cp /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/user3.conf

Now, you’d simply create directories for each user and then a new user account for each:

sudo mkdir -p /home/{user1,user2,user3} \
&& sudo useradd -d /home/user1 user1 \
&& sudo useradd -d /home/user2 user2 \
&& sudo useradd -d /home/user3 user3

Now we need to edit our newly created PHP-FPM configuration files and change a few specific values before we restart PHP-FPM. The lines you want to look at changing are:

[www]

user = www-data
group = www-data

and

listen = 127.0.0.1:9000

In the first, change [www] to the username (i.e [user1] …). You’ll then set the user and group to the same username. Finally, increase the port # by one (i.e. 9000 becomes 9001, 9002, etc).

The reason we need to increase the port is because we can’t have two users listening in on the same port. Yes, it’s really that simple :-).

Now, once all 3 configuration files have been modified, restart PHP-FPM.

sudo service php7.1-fpm restart

Now, the biggest change is going to be how I setup NGINX in the guide I provided you with. If you look in this file:

/etc/nginx/config/php/php-fpm.conf

You’ll see where I defined the port that PHP-FPM connects on for that account. You’ll need to copy this file in to each server block instead of including it and then change the port. So what you’d end up with is a server block that looks like the below for each account instead of the slimmer one in that guide.

server {
    listen                                          80;
    server_name                                     yourdomain.com www.yourdomain.com;
    root                                            /home/yourdomain/htdocs/public;
    index                                           index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;

        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 512k;
        fastcgi_buffers 512 16k;
        fastcgi_busy_buffers_size 1m;
        fastcgi_temp_file_write_size 4m;
        fastcgi_max_temp_file_size 4m;
        fastcgi_intercept_errors off;

        fastcgi_param  PATH_INFO          $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

        fastcgi_param  QUERY_STRING       $query_string;
        fastcgi_param  REQUEST_METHOD     $request_method;
        fastcgi_param  CONTENT_TYPE       $content_type;
        fastcgi_param  CONTENT_LENGTH     $content_length;

        fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
        fastcgi_param  REQUEST_URI        $request_uri;
        fastcgi_param  DOCUMENT_URI       $document_uri;
        fastcgi_param  DOCUMENT_ROOT      $document_root;
        fastcgi_param  SERVER_PROTOCOL    $server_protocol;
        fastcgi_param  REQUEST_SCHEME     $scheme;
        fastcgi_param  HTTPS              $https if_not_empty;
        fastcgi_param  HTTP_PROXY         "";

        fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
        fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

        fastcgi_param  REMOTE_ADDR        $remote_addr;
        fastcgi_param  REMOTE_PORT        $remote_port;
        fastcgi_param  SERVER_ADDR        $server_addr;
        fastcgi_param  SERVER_PORT        $server_port;
        fastcgi_param  SERVER_NAME        $server_name;

        fastcgi_param  REDIRECT_STATUS    200;

    }
}

The only line in the PHP block that you need to change is fastcgi_pass 127.0.0.1:9000;. All you’re doing here is making sure the ports match up.

Once you have your 3 server blocks, 3 PHP-FPM configuration files, and you’re set:

nginx -s reload

NOTE: You could simply copy that file to another 2 files to make 3 and just modify the include line. This would probably be better down the line to reduce clutter, but for show, I’ve simply pasted the contents in to the server block.