HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


webwizzy 3rd March 2009 00:06

How to setup SFTP accounts via SSH?
 
Hello,

I am just finishing up building my first server. I am able to log in to SFTP via my main SSH root account.

Now I want to create an SFTP user that will have full permissions for public_html as I will be using that account exclusively for uploading files and SFTP access, and not my root account. That user should not have SSH access or any other access.

Please tell me if it's a good practice, and what commands I need to do it? I am not using any control panels, so only SSH.

man useradd is too complex for me.

Thank you

falko 3rd March 2009 20:28

You can add this at the end of /etc/ssh/sshd_config:

Code:

Match User someuser
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand /usr/lib/openssh/sftp-server

Restart SSH afterwards. someuser should then have SFTP access.

webwizzy 4th March 2009 00:26

After adding the above code, when I restarted sshd, it stopped and did not start again due to some error.

1. Anyway, I have added a user through useradd, and he has SFTP access by default. I also made him the only user able to su to root, and disallowed root login. Is this a good practice?

NOW, I am facing some permission problems. I am using nginx webserver.

- I have my folder structure like this: /home/username/public_html
- Owner of "home" and "username" is root. Fine!
- Owner of public_html is "nginx". Okay!

Now, I am unable to upload files as user "username" in public_html folder (which belongs to nginx). However, if I change the owner of public_html to "username", it works fine.

2. So, my question is: how do I make my "username" able to add/delete files in folders of other users, except root of course?

Thank you

falko 4th March 2009 14:58

You can add "username" to the group of the folder (make sure the group has write permissions on that folder).
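
The group approach from the reply above, as an added check script that is not part of the original thread: it reports whether a user can add and delete files in a directory through group membership, and prints the command that would fix it. The function name check_group_write is hypothetical, and GNU stat (-c) is assumed.

```bash
#!/usr/bin/env bash
# Added example: can USER create/delete files in DIR via the directory's group?
# check_group_write is a hypothetical helper name; assumes GNU stat (-c) and id.
#
# Prints one diagnostic line and returns:
#   0 = writable via group        1 = user is not in the directory's group
#   2 = group lacks write/search  3 = unknown user or not a directory
check_group_write() {
    local user="$1" dir="$2" gid group mode gdigit special
    [ -d "$dir" ] && id "$user" >/dev/null 2>&1 || {
        echo "unknown user or not a directory"; return 3; }

    gid=$(stat -c '%g' "$dir")       # numeric group owner of the directory
    group=$(stat -c '%G' "$dir")     # group name, used only in messages
    # Normalise the octal mode to four digits, e.g. 750 -> 0750, 2775 -> 2775.
    mode=$(printf '%04o' "0$(stat -c '%a' "$dir")")

    # Membership: compare numeric gids against all groups of the user.
    case " $(id -G "$user") " in
        *" $gid "*) ;;
        *) echo "$user is not in group $group (fix: usermod -aG $group $user)"
           return 1 ;;
    esac

    # Third digit is the group class; creating/deleting entries in a
    # directory needs both write (2) and search (1).
    gdigit=${mode#??}; gdigit=${gdigit%?}
    if [ $(( gdigit & 3 )) -ne 3 ]; then
        echo "group $group lacks write/search on $dir (fix: chmod g+wx $dir)"
        return 2
    fi

    # First digit holds the special bits; setgid (2) on a directory makes
    # new files inherit the directory's group instead of the uploader's.
    special=${mode%???}
    if [ $(( special & 2 )) -eq 0 ]; then
        echo "ok, but setgid is off: new files get the uploader's primary group (chmod g+s $dir)"
    else
        echo "ok"
    fi
    return 0
}
```

A group added with usermod -aG only takes effect in sessions started after the change, so the SFTP user has to reconnect before retrying the upload.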

