Ubuntu – How to give a specific user access only to a specific folder and its contents

Apache2chownftppermissionsusers

I used

adduser <name>

and created a new user, andrew. Now I want to give him read/write access only to /var/www/sitename.com and its contents.

How am I supposed to do this?

I tried sudo chown andrew /var/www/sitename.com but he is still able to see all the folders and files under /var/www and other directories.

Best Answer

Changing the ownership to a designated user will not change the users default home directory specified in passwd file. Anyhow, You may achieve this in different ways. But to make it simpler do this by opening up a terminal;

Firstly make a back-up of your /etc/passwd file doing below;

sudo cp /etc/passwd /etc/passwd.back

Once done, edit the file (either with vi or nano), I prefer nano which is pretty easy;

sudo EDITOR=nano vipw /etc/passwd

Locate the created user. A line should reflect as below assuming the user is andrew;

andrew:x:1001:1001:andrew:/home/andrew:/bin/sh

Replace /home/andrew with /var/www/sitename.com & save the file by hitting CTRL+O then enter to save & then CTRL+X to exit. This will direct the user to specified directory. Login as the user and see whether it points to **/var/www/sitename.com by also checking for any permission issues. If permission issue persists, then add the user to the www-data group by doing below;

sudo adduser andrew www-data

EDIT: regarding the comment, I just had a quick search and found some more detail. Well, you may edit vsftpd.conf file located in /etc/ directory

sudo nano /etc/vsftpd.conf

un-comment (remove only the # if its there at the beginning) the following line;

chroot_local_user=YES

Note: Just to be safe, make a back-up of the configuration file before you make any changes to it.

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.back

Source: vsftpd.conf on Ubuntu

Hope it helps!

Related Solutions

Ubuntu – Give access to only specific directory for a sudo user

What you're asking for is essentially known as a jail, wherein a user is confined to a certain subset of the system (like say, the home folder). Fortunately, users on Linux already have a home folder setup, so you can just use this jail.

Now, setting up a jail is a complicated matter, and is out of the scope of this question.

Now, assuming you have a working jail, you can just bind the proper folder to the user home:

mount --bind /var/www/username /home/username/www

Although, this honestly is not a good option. If you're just hosting a user, allow them to connect over FTP and just jail them to their "home" (the folder they have admin to). There is no need for them to have a shell on your server.

The question you linked has a very good concept of how to jail users, but it only works with FTP and derivatives, not with raw SSH itself. And, as I mentioned before, running raw SSH is a really bad idea.

Finally, it seems as though you're acting as a web host. Why not just use a control panel like Froxlor? It takes care of most of the heavy lifting for you, and allows you to set quotas and other things that may be of interest. Plus it manages FTP jails and similar automatically for you, allowing you to bypass the headache that is jailing.

Best Answer

Related Solutions

Ubuntu – Give access to only specific directory for a sudo user

Related Question