My goal is to make a basic user who can edit our website through sftp/ssh but not have access to the system directories. This seems like a very common need, but what I'm seeing is long process of creating a chroot jail.

I've tried adding the following to the sshd_config file, but it gave a bad config error.

Match Group newGroup
ChrootDirectory /var/www
AllowTCPForwarding no
X11Forwarding no
ForceCommand /usr/lib/openssh/sftp-server

It seems like there should be the ability to create a user and set them to a webedit group and set their home directory, and that be it.

Thanks for any help.

A jail would be the way to go but if you don't want to do that you might investigate access control lists (ACLs). You might be able to give the functionality you want using them.

If you do a web search for "Linux ACL tutorial" you'll find many links including the one below:

http://www.linux-tutorial.info/modul...=5&manpage=acl

Additionally you might think about giving the user access via sudo so they can become the user that owns the files you want them to be able to change.

This article on sudo users looks promising. If there's a better way to go about this let me know. thanks

Sudo User Setup


Mensa just read your post. Thanks, I'll read on ACL as well.

To be safe with permissions, I want to ask first...

So to give RW access to my var/www/html folder to group 'webadmin' I would do the following?

And then add user1 to webadmin group?

I never use /var/www. My websites are stored in a user's home directory and Apache reads from there. If you use the vsftp daemon, it's a matter of one line in the config (if I'm not mistaken) that will jail the user to his/her home directory (for ftp).

And to be honest, I really don't get the default directories used for apache and mysql being somewhere in /var.