You could use ACL. To set up ACL for Ubuntu 10.10, first mount the file systems with the acl option in /etc/fstab.
sudo vim /etc/fstab
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 defaults,acl 0 1
sudo mount -o remount,acl /
Then make a group to which a user may belong for this purpose.
sudo groupadd developers
sudo usermod -a -G developers $username
The user needs to log out and in again to become a member of the developers group.
Of course, do not do this if you have content in the /var/www directory that you want,
but just to illustrate setting it up to start:
sudo rm -rf /var/www
sudo mkdir -p /var/www/public
sudo chown -R root:developers /var/www/public
sudo chmod 0775 /var/www/public
sudo chmod g+s /var/www/public
sudo setfacl -d -m u::rwx,g::rwx,o::r-x /var/www/public
Then replace references to "/var/www" with "/var/www/public" in a config file and reload.
sudo vim /etc/apache2/sites-enabled/000-default
sudo /etc/init.d/apache2 reload
If we wanted to restrict delete and rename from all but the user who created the file:
sudo chmod +t /var/www/public
This way, if we want to create directories for frameworks that exist outside the
Apache document root or maybe create server-writable directories, it's still easy.
Apache-writable logs directory:
sudo mkdir /var/www/logs
sudo chgrp www-data /var/www/logs
sudo chmod 0770 /var/www/logs
Apache-readable library directory:
sudo mkdir /var/www/lib
sudo chgrp www-data /var/www/lib
sudo chmod 0750 /var/www/lib
Let's start
Create user ubuntu
sudo useradd ubuntu
Make password
sudo passwd ubuntu
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Create an SFTP-only group
xxx@xxx:~$ sudo groupadd sftp_users
Add the user "ubuntu" to the SFTP-only group
xxx@xxx:~$ sudo usermod -G sftp_users ubuntu
Make dir for sftp access
sudo mkdir /ubuntu
Change owner, because read/write permission
sudo chown root:root /ubuntu/
Add permission
sudo chmod 755 /ubuntu/
Edit /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
Comment out and add a line like below
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Add at the end
Match Group sftp_users
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /ubuntu
ForceCommand internal-sftp
Restart ssh service
sudo service ssh restart
With this configuration you can ssh into folder ubuntu and get files. You cannot put or delete. Try.
Edit 1
To sftp in the right folder, edit /etc/passwd. Change the line for user ubuntu to look like this
sudo nano /etc/passwd
ubuntu:x:1001:1001::/ubuntu:
This will change user ubuntu home folder to your sftp server folder.
Enabling the root account is not a good idea. You can ssh to the server with user1.
If you add user user1 to the sudoer group you will be able to write in folder /ubuntu/ and set appropriate permissions
sudo adduser user1 sudo
Make a folder, write in folder ubuntu. After these actions you must set permissions for user ubuntu. The easiest way is to again set permissions to 755
sudo chmod 755 -R /ubuntu/
The -R option will give read permission on all files and directories to user ubuntu
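sshd rejects an SFTP session when any component of the ChrootDirectory path is not a root-owned directory or is writable by group or other; the chown and chmod 755 steps in the answer above satisfy that rule for /ubuntu. The script below is an added example, not part of the original answer, that checks a directory against the rule; the function names and the optional owner-uid argument are assumptions made for illustration, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: test a directory against sshd's ChrootDirectory rule.
# Assumes GNU stat (Linux); function names are illustrative.

# component_ok DIR UID: DIR must be a real directory (not a symlink),
# owned by UID, and not writable by group or other.
component_ok() {
    c_dir=$1 c_uid=$2
    if [ ! -d "$c_dir" ] || [ -L "$c_dir" ]; then
        echo "FAIL $c_dir: not a directory" >&2; return 1
    fi
    c_owner=$(stat -c %u "$c_dir")
    c_mode=$(stat -c %a "$c_dir")
    if [ "$c_owner" != "$c_uid" ]; then
        echo "FAIL $c_dir: owner uid $c_owner, expected $c_uid" >&2; return 1
    fi
    # 022 = group and other write bits; the leading 0 makes the mode octal.
    if [ $(( 0$c_mode & 022 )) -ne 0 ]; then
        echo "FAIL $c_dir: mode $c_mode is group/other writable" >&2; return 1
    fi
}

# chroot_path_ok DIR [UID]: apply component_ok to DIR and every parent up
# to /. UID defaults to 0 (root); the override is an assumption added so
# the check can be exercised without root.
chroot_path_ok() {
    p_uid=${2:-0}
    p_path=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: cannot resolve" >&2; return 1
    }
    p_rc=0
    while :; do
        component_ok "$p_path" "$p_uid" || p_rc=1
        [ "$p_path" = / ] && break
        p_path=$(dirname "$p_path")
    done
    return "$p_rc"
}

# Usage: sh check_chroot.sh /ubuntu
if [ -n "${1:-}" ]; then
    chroot_path_ok "$1" && echo "OK: $1 passes the ChrootDirectory check"
fi
```

Each failing component is reported on stderr, so a single run lists every directory on the path that needs its owner or mode corrected.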
Best Answer
In this case I would leave the directory ownership alone. To modify the permissions for that specific directory so that you can write to it, set read/write permissions, the command being
sudo chmod 766 -R /var/www/html
This will assign full permissions (7) for the owner, read/write (6) for the group, and read/write (6) for everyone, recursively.