08-01-2012, 01:37 PM   #1
Wad3
LQ Newbie
 
Registered: Jul 2012
Posts: 15

Rep: Reputation: Disabled
Create User restricted to var/www/ with editing abilities


My goal is to make a basic user who can edit our website through sftp/ssh but not have access to the system directories. This seems like a very common need, but what I'm seeing is a long process of creating a chroot jail.

I've tried adding the following to the sshd_config file, but it gave a bad config error.

Match Group newGroup
ChrootDirectory /var/www
AllowTCPForwarding no
X11Forwarding no
ForceCommand /usr/lib/openssh/sftp-server

It seems like there should be the ability to create a user and set them to a webedit group and set their home directory, and that be it.

Thanks for any help.
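
An added example, not part of the original thread: a ChrootDirectory setting like the one in the post above is only accepted at login if the path meets the ownership rule in sshd_config(5), which this script checks component by component. The function names dir_ok and check_chroot_path and the optional UID argument are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory path.
# Rule from sshd_config(5): every component of the path must be a
# directory owned by root and not writable by group or others.

# dir_ok DIR [UID]: succeed if DIR is a directory owned by UID (default 0)
# with no group or other write bit. The UID argument is an assumption of
# this example so it can be tried without root; sshd always requires 0.
dir_ok() {
    dir=$1 want_uid=${2:-0}
    # ls -ldn prints "mode links uid gid ..."; -n keeps the owner numeric.
    line=$(ls -ldn -- "$dir" 2>/dev/null) || return 1
    read -r mode _links uid _rest <<EOF
$line
EOF
    case $mode in
        d????w*|d???????w*) return 1 ;;  # group- or other-writable
        d*) ;;                           # a directory, write bits fine
        *) return 1 ;;                   # not a directory
    esac
    [ "$uid" = "$want_uid" ]
}

# check_chroot_path PATH: walk from PATH up to /, naming the first
# component sshd would reject. Returns 0 only if every component passes.
check_chroot_path() {
    p=$1
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p"; return 1 ;;
    esac
    while :; do
        dir_ok "$p" || { echo "bad ownership or mode: $p"; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Run against a path given on the command line, e.g. /var/www
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Because the chroot directory itself has to stay root-owned and not group-writable, the files the restricted user edits need to live in a subdirectory of it that the user or group can write to.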
 
08-01-2012, 01:49 PM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,027
Blog Entries: 5

Rep: Reputation: 789
A jail would be the way to go but if you don't want to do that you might investigate access control lists (ACLs). You might be able to give the functionality you want using them.

If you do a web search for "Linux ACL tutorial" you'll find many links including the one below:

http://www.linux-tutorial.info/modul...=5&manpage=acl

Additionally you might think about giving the user access via sudo so they can become the user that owns the files you want them to be able to change.
 
08-01-2012, 01:59 PM   #3
Wad3
LQ Newbie
 
Registered: Jul 2012
Posts: 15

Original Poster
Rep: Reputation: Disabled
This article on sudo users looks promising. If there's a better way to go about this, let me know. Thanks.

Sudo User Setup


Mensa, just read your post. Thanks, I'll read on ACL as well.

Last edited by Wad3; 08-01-2012 at 02:00 PM.
 
08-01-2012, 02:30 PM   #4
Wad3
LQ Newbie
 
Registered: Jul 2012
Posts: 15

Original Poster
Rep: Reputation: Disabled
To be safe with permissions, I want to ask first...

So to give RW access to my var/www/html folder to group 'webadmin' I would do the following?

Quote:
[root@locahost ~]# setfacl -m g:webadmin:rw /var/www/html
And then add user1 to webadmin group?
 
08-02-2012, 02:28 AM   #5
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282
I never use /var/www. My websites are stored in a user's home directory and Apache reads from there. If you use the vsftp daemon, it's a matter of one line in the config (if I'm not mistaken) that will jail the user to his/her home directory (for ftp).

And to be honest, I really don't get the default directories used for apache and mysql being somewhere in /var.
 
  

