You could use ACL. To set up ACL for Ubuntu 10.10, first mount the file systems with the acl option in /etc/fstab.
sudo vim /etc/fstab
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 defaults,acl 0 1
sudo mount -o remount,acl /
Then make a group to which a user may belong for this purpose.
sudo groupadd developers
sudo usermod -a -G developers $username
The user needs to log out and in again to become a member of the developers group.
Of course, do not do this if you have content in the /var/www directory that you want,
but just to illustrate setting it up to start:
sudo rm -rf /var/www
sudo mkdir -p /var/www/public
sudo chown -R root.developers /var/www/public
sudo chmod 0775 /var/www/public
sudo chmod g+s /var/www/public
sudo setfacl -d -m u::rwx,g::rwx,o::r-x /var/www/public
Then replace references to "/var/www" with "/var/www/public" in a config file and reload.
sudo vim /etc/apache2/sites-enabled/000-default
sudo /etc/init.d/apache2 reload
If we wanted to restrict delete and rename from all but the user who created the file:
sudo chmod +t /var/www/public
This way, if we want to create directories for frameworks that exist outside the
Apache document root or maybe create server-writable directories, it's still easy.
Apache-writable logs directory:
sudo mkdir /var/www/logs
sudo chgrp www-data /var/www/logs
sudo chmod 0770 /var/www/logs
Apache-readable library directory:
sudo mkdir /var/www/lib
sudo chgrp www-data /var/www/lib
sudo chmod 0750 /var/www/lib
Let's start
Create user ubuntu
sudo useradd ubuntu
Make password
sudo passwd ubuntu
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Create for SFTP only group
xxx@xxx:~$ sudo groupadd sftp_users
Add to a user "ubuntu" for SFTP only group
xxx@xxx:~$ sudo usermod -G sftp_users ubuntu
Make dir for sftp access
sudo mkdir /ubuntu
Change owner, because read/write permission
sudo chown root.root /ubuntu/
Add permission
sudo chmod 755 /ubuntu/
Edit /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
Comment out and add a line like below
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Add at the last
Match Group sftp_users
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /ubuntu
ForceCommand internal-sftp
Restart ssh service
sudo service ssh restart
With this cenfiguration you can ssh into folder ubuntu and get files. Can not put or delete
Try.
Edit 1
To sftp in right folder edit /etc/passwd. Change line for user ubuntu to look like this
sudo nano /etc/passwd
ubuntu:x:1001:1001::/ubuntu:
This will change user ubuntu home folder to your sftp server folder.
Enabling root account is not good idea.
You can ssh to server with user1.
If you add user user1 in sudoer group you will be able to write in
folder /ubuntu/ and set appropriate permission
sudo adduser user1 sudo
Make folder, write in folder ubuntu. After actions you must set permission for user ubuntu. Easiest way is to agai set permission to 755
sudo chmod 755 -R /ubuntu/
-R - option will give reading permission of all files and dir's for user ubuntu
Best Answer
In this case I would leave the directory ownership alone. To modify the permissions for that specific directory so that you can write to it, set read/write permissions, the command being
sudo chmod 766 -R /var/www/html. This will assign full permissions7for the owner, read/write6for the group, and read/write for everyone6, recursively.