SFTP – Setting Up SFTP with Filezilla to Access Files Outside Home Directory

Tags: command line, permissions, server, sftp, WordPress

I have an EC2 instance on AWS which already has a few WordPress installs on it. I want to set things up to let more people handle their own projects, while I can still go into the server using the terminal if I want to.

I have been following tutorials such as How to setup a restricted SFTP server on Ubuntu? and a few others. I figured all of them just teach users how to SFTP into their own home folder; also, the steps keep saying adduser, but some users already exist and removing them might cause some issues.

How can I give existing users the permission to use SFTP for WordPress projects?

Let's say all my WordPress projects are already under /var/www/ which has already been set up with www-data:www-data.

I'm really new to setting up things like this.

Thanks in advance for any help.

Best Answer

Here I'm assuming you are able to ssh/sftp into your user's home directory successfully and you want to edit (with your user) files and folders under /var/www that are owned by user and :group www-data:www-data (without changing their ownership).

I'm also assuming that the topic How to avoid using sudo when working in /var/www? doesn't cover your needs, for example because you don't want to change the permissions under /var/www.

I think the easiest and clearest way to solve this task is to mount /var/www (or a certain directory inside it) into your user's home directory and change the owner to your user and :group. This can be achieved with the tool bindfs:

sudo apt update && sudo apt install bindfs

Here we will mount the entire directory /var/www in a directory also called www/, located in your user's home directory.

mkdir "$HOME/www"
sudo bindfs -u $(id -u) -g $(id -g) --create-for-user=www-data --create-for-group=www-data /var/www "$HOME/www"

  • The command substitutions $(id -u) and $(id -g) return the UID and GID of the current user.

  • If you want to execute the above command for another user, use $(id -u <user>) and $(id -g <user>), where <user> is an actual username.

  • For more details about the arguments used with bindfs, read its manual page: man bindfs.

  • If you want to unmount ~/www ($HOME/www), use the command:

    sudo fusermount -u ~/www

To mount /var/www in ~/www automatically during system startup, add the following line at the bottom of /etc/fstab:

bindfs#/var/www /home/<user>/www fuse force-user=<uid>,force-group=<gid>,create-for-user=www-data,create-for-group=www-data 0 0

  • Note: you should replace <user> with the actual username; you should also replace <uid> and <gid> with the actual UID and GID of <user>, which you can find with the commands id -u <user> and id -g <user>.

  • To see the result, reboot the system or execute:

    sudo mount -a    # maybe you should execute `sudo fusermount -u ~/www` first

Here is an animated demo of how this works:

Update:

The only limitation of this approach that I have found is that when you change the ownership of the bind directory, this also changes the ownership of the source directory. For example, the next command is not a good idea:

chown -R $(id -u):$(id -g) $HOME/www

Maybe there is a suitable option for the bindfs command that will prevent this from happening, but I can't tell at the moment.
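The procedure in the answer above (build the fstab line for a user, add it once, mount, check that files land as www-data) as an added shell example; this is not code from the answer or from bindfs. It assumes the same layout the answer uses: /var/www owned by www-data:www-data and a per-user mount point at /home/<user>/www. The fstab-line builder takes the numeric UID/GID as arguments so it can be checked without a live system, and the duplicate-entry check keeps re-runs from appending the same line to /etc/fstab twice.

```shell
#!/bin/sh
# Added example, not from the answer: helpers for the bindfs setup described above.
# Assumptions: share root /var/www owned by www-data:www-data, mount point /home/<user>/www.

# Build the /etc/fstab line for one user. Pure string work, so it is checkable
# offline; uid/gid are passed in rather than looked up to keep it deterministic.
bindfs_fstab_line() {
    user=$1
    uid=$2
    gid=$3
    printf 'bindfs#/var/www /home/%s/www fuse force-user=%s,force-group=%s,create-for-user=www-data,create-for-group=www-data 0 0\n' \
        "$user" "$uid" "$gid"
}

# Return 0 if the given fstab (default /etc/fstab) already has an uncommented
# entry whose mount point is $1, so the setup never appends a duplicate line.
fstab_has_mount() {
    mountpoint=$1
    fstab=${2:-/etc/fstab}
    awk -v mp="$mountpoint" '
        $1 !~ /^#/ && $2 == mp { found = 1 }
        END { exit !found }
    ' "$fstab"
}

# Resolve "uid gid" for a username; fails if the user does not exist, which is
# how a typo in <user> shows up before anything is written to /etc/fstab.
resolve_ids() {
    user=$1
    uid=$(id -u "$user" 2>/dev/null) || return 1
    gid=$(id -g "$user" 2>/dev/null) || return 1
    printf '%s %s\n' "$uid" "$gid"
}

# After mounting, confirm the ownership mapping really works: a file created
# through the bind mount must appear on the source side owned by www-data.
verify_mapping() {
    mnt=$1
    probe=".bindfs-probe-$$"
    touch "$mnt/$probe" || return 1
    owner=$(stat -c %U "/var/www/$probe")
    rm -f "$mnt/$probe"
    [ "$owner" = "www-data" ]
}

# Usage (as root): sh bindfs-setup.sh <user>
# With no arguments the script only defines the functions above.
main() {
    user=$1
    ids=$(resolve_ids "$user") || { echo "no such user: $user" >&2; exit 1; }
    uid=${ids% *}
    gid=${ids#* }
    line=$(bindfs_fstab_line "$user" "$uid" "$gid")
    echo "$line"
    if fstab_has_mount "/home/$user/www"; then
        echo "/etc/fstab already has an entry for /home/$user/www; not adding another"
    else
        echo "$line" >> /etc/fstab
    fi
    # Create the (empty) mount point as the user, then mount everything in fstab.
    mkdir -p "/home/$user/www"
    chown "$uid:$gid" "/home/$user/www"
    mount -a
    if verify_mapping "/home/$user/www"; then
        echo "ok: files created via /home/$user/www are owned by www-data in /var/www"
    else
        echo "ownership mapping check failed; inspect the bindfs mount" >&2
        exit 1
    fi
}

if [ "$#" -gt 0 ]; then
    main "$1"
fi
```

The verify step is the part worth keeping around: it proves that the create-for-user/create-for-group mapping is in effect, so that a user uploading through SFTP cannot end up with root- or user-owned files under /var/www that the web server later fails to read or write.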
