Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
08-01-2012, 12:37 PM
|
#1
|
LQ Newbie
Registered: Jul 2012
Posts: 15
Rep:
|
Create User restricted to var/www/ with editing abilites
My goal is to make a basic user who can edit our website through sftp/ssh but not have access to the system directories. This seems like a very common need, but what I'm seeing is long process of creating a chroot jail.
I've tried adding the following to the sshd_config file, but it gave a bad config error.
Match Group newGroup
ChrootDirectory /var/www
AllowTCPForwarding no
X11Forwarding no
ForceCommand /usr/lib/openssh/sftp-server
It seems like there should be the ability to create a user and set them to a webedit group and set their home directory, and that be it.
Thanks for any help.
|
|
|
08-01-2012, 12:49 PM
|
#2
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
A jail would be the way to go but if you don't want to do that you might investigate access control lists (ACLs). You might be able to give the functionality you want using them.
If you do a web search for "Linux ACL tutorial" you'll find many links including the one below:
http://www.linux-tutorial.info/modul...=5&manpage=acl
Additionally you might think about giving the user access via sudo so they can become the user that owns the files you want them to be able to change.
|
|
|
08-01-2012, 12:59 PM
|
#3
|
LQ Newbie
Registered: Jul 2012
Posts: 15
Original Poster
Rep:
|
This article on sudo users looks promising. If there's a better way to go about this let me know. thanks
Sudo User Setup
Mensa just read your post. Thanks, I'll read on ACL as well.
Last edited by Wad3; 08-01-2012 at 01:00 PM.
|
|
|
08-01-2012, 01:30 PM
|
#4
|
LQ Newbie
Registered: Jul 2012
Posts: 15
Original Poster
Rep:
|
To be safe with permissions, I want to ask first...
So to give RW access to my var/www/html folder to group 'webadmin' I would do the following?
Quote:
[root@locahost ~]# setfacl -m g:webadmin:rw /var/www/html
|
And then add user1 to webadmin group?
|
|
|
08-02-2012, 01:28 AM
|
#5
|
Senior Member
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Ubuntu 12.04, Antix19.3
Posts: 3,797
|
I never use /var/www. My websites are stored in a user's home directory and Apache reads from there. If you use the vsftp daemon, it's a matter of one line in the config (if I'm not mistaken) that will jail the user to his/her home directory (for ftp).
And to be honest, I really don't get the default directories used for apache and mysql being somewhere in /var.
|
|
|
All times are GMT -5. The time now is 11:02 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|