I have an EC2 instance on AWS which already has a few WordPress sites installed on it. I want to set things up to let more people handle their own projects, with me also being able to go into the server using the terminal if I still want to.

I have been following tutorials such as "How to setup a restricted SFTP server on Ubuntu?" and a few others. I figured all of them just teach users how to sftp into their own home folder; also the steps keep saying `addUser`, but some users already exist and removing them might cause some issues.

How can I give existing users the permission to use SFTP for WordPress projects?
Let's say all my WordPress projects are already under `/var/www/`, which has already been set up with `www-data:www-data`.

Really new with setting things like this.
Thanks in advance for any help.
Best Answer
Here I'm assuming you are able to ssh/sftp to your user's home directory successfully and you want to edit (with your user) files and folders under `/var/www` that are owned by `user` and `:group` - `www-data:www-data` (without changing their ownership).

Here I'm also assuming the topic "How to avoid using sudo when working in /var/www?" doesn't cover your needs. For example, you don't want to change the permissions under `/var/www`.

I think the easiest and clearest way to solve this task is to mount `/var/www` (or a certain directory inside) into your user's home directory and change the owner to your user and :group. This could be achieved by the tool `bindfs`:

Here we will mount the entire directory `/var/www` in a directory also called `www/` and located in your user's home directory.

The command substitutions `$(id -u)` and `$(id -g)` will return the UID and GID of the current user.

If you want to execute the above command for another user use `$(id -u <user>)` and `$(id -g <user>)`, where `<user>` is an actual username.

For more details about the arguments used with `bindfs` read its manual page - `man bindfs`.

If you want to unmount `~/www` (`$HOME/www`) use the command:

To mount `/var/www` in `~/www` automatically during the system startup add the following line into the bottom of `/etc/fstab`:

`<user>` with the actual username; also should replace `<uid>` and `<gid>` with the actual UID and GID of the `<user>`, you can find them by the commands: `id -u <user>` and `id -g <user>`.

To see the result reboot the system or execute:

Here is an animated demo of how this works:

Update:

The only limitation of this approach that I found is that when you change the ownership of the bind directory, this will also change the ownership of the source directory. For example, the next command is not a good idea:

Maybe there is a suitable option for the `bindfs` command that will prevent this from happening, but I can't tell that at the moment.

Notes:
SOS Directory Nightmare - Possible for a directory to have two different users with full access?
What is the "t" letter in the output of "ls -ld /tmp"?
How do I give www-data user to a folder in my home folder?
Permissions problems with /var/www/html and my own home directory for a website document root
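
The bindfs mount discussed in the answer, as an added example that is not the answerer's own commands: a small script that prints a `bindfs` command and a matching `/etc/fstab` entry for an existing user. It goes beyond the answer by adding bindfs's `create-for-user`/`create-for-group` and `chown-ignore`/`chgrp-ignore` options, so files created over SFTP stay `www-data:www-data` on disk and a `chown` inside the mount is not passed through to `/var/www`. The function names and the script name `bindfs-plan.sh` are hypothetical.

```shell
#!/bin/sh
# Added example: builds bindfs settings as text; it mounts nothing itself.
SRC=/var/www          # source tree from the question
WEB_USER=www-data     # on-disk owner that must not change
WEB_GROUP=www-data

# bindfs_opts UID GID -> option string for "bindfs -o" or /etc/fstab
bindfs_opts() {
    for n in "$1" "$2"; do
        case "$n" in
            ''|*[!0-9]*) echo "uid and gid must be numeric" >&2; return 1 ;;
        esac
    done
    # force-*: present every file as owned by the SFTP user inside the mount
    # create-for-*: new files are written to SRC as www-data:www-data
    # chown-ignore/chgrp-ignore: chown/chgrp inside the mount succeed but
    #   are not passed through to SRC
    printf 'force-user=%s,force-group=%s,create-for-user=%s,create-for-group=%s,chown-ignore,chgrp-ignore\n' \
        "$1" "$2" "$WEB_USER" "$WEB_GROUP"
}

# bindfs_fstab_line MOUNTPOINT UID GID -> one /etc/fstab entry
bindfs_fstab_line() {
    opts=$(bindfs_opts "$2" "$3") || return 1
    printf '%s %s fuse.bindfs %s 0 0\n' "$SRC" "$1" "$opts"
}

# bindfs_plan USER MOUNTPOINT -> prints the one-off command and fstab entry
bindfs_plan() {
    uid=$(id -u "$1") || return 1
    gid=$(id -g "$1") || return 1
    printf 'sudo bindfs -o %s %s %s\n' "$(bindfs_opts "$uid" "$gid")" "$SRC" "$2"
    bindfs_fstab_line "$2" "$uid" "$gid"
}

# Usage: sh bindfs-plan.sh <user> <mountpoint>
if [ $# -ge 2 ]; then
    bindfs_plan "$1" "$2"
fi
```

Review the printed lines before running the command or appending the entry to `/etc/fstab`; the mount point must already exist.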