How to create sftpuser for /var/www Directory? - sftp

I'm setting up a new server and want to have an SFTP user for our /var/www/ directory to upload web content without installing an FTP server like proFTPD.
Can you help me do this? I only know how to do it with an FTP server like proFTPD.
Best regards

Create user:
sudo useradd -d /var/www username
Set them a password:
sudo passwd username
Open the /etc/ssh/sshd_config file and append the code given below. (Remember to replace "username" with the username you have created):
subsystem sftp internal-sftp
Match User username
ChrootDirectory %h
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
Restart ssh:
sudo service ssh restart
Now it should work. There may be some ownership problems (just chown things for the user if they really need to use that).

Related

chroot SFTP- works only on user directory but not on other directories

on Ubuntu 20.04
I have a WordPress site on directory /var/www/site.com/public_html/
I created a staging site inside the main directory /var/www/site.com/public_html/stagesite
I am trying to give access only to the stagesite folder, so that a developer is able to edit and update files inside it.
Steps taken
created user "developer" and group "restricted" and developer user is a restricted group user
updated the folder owner and permissions sudo chown -R root:root stagesite/ && sudo chmod -R 775 /stagesite
added to the end of sshd_config file /etc/ssh/sshd_config
Match Group restricted
# Force the connection to use SFTP and chroot to the required directory.
ForceCommand internal-sftp
ChrootDirectory /var/www/mainsite.com/public_html/stagesite
# Disable tunneling, authentication agent, TCP and X11 forwarding.
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
Now I tried to connect with FileZilla, and it will not connect using SFTP
I tried adding a sub-directory to the ChrootDirectory, as below, but it still didn't connect
/var/www/mainsite.com/public_html/stagesite/wp-content
I was only able to connect when setting ChrootDirectory to the user home directory
/home/developer
It is required that all directories from the home of the chrooted user to the root must be owned by root:root and must not be group or world writable. This is probably not the case for fileadmin home directory.
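
The ownership rule stated in the answer above can be checked directly. The following is an added example, not part of the original posts: a POSIX shell function that walks from the ChrootDirectory up to / and reports every component that is not owned by root or that is group- or world-writable. The function name and its optional second and third arguments (expected owner uid, directory to stop at) are assumptions of this example, there so it can be tried on a scratch tree without root.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the rule in the answer above.
# check_chroot_path DIR [OWNER_UID] [STOP_DIR]
#   OWNER_UID defaults to 0 (root); STOP_DIR defaults to / .
#   Both optional arguments are hypothetical hooks for trying the check on a
#   scratch tree; leave them off when auditing a real chroot.
check_chroot_path() {
    want_uid=${2:-0}
    # Resolve symlinks first: the rule applies to the real path.
    dir=$(cd -- "$1" 2>/dev/null && pwd -P) || { echo "no such directory: $1"; return 2; }
    stop=$(cd -- "${3:-/}" 2>/dev/null && pwd -P) || return 2
    rc=0
    while :; do
        # "ls -ldn" prints e.g. "drwxrwxr-x 2 0 0 ..."; keep mode string and numeric uid.
        set -- $(ls -ldn -- "$dir" | awk '{print $1, $3}')
        mode=$1 uid=$2
        if [ "$uid" != "$want_uid" ]; then
            echo "BAD  $dir: owner uid $uid, expected $want_uid"; rc=1
        fi
        case $mode in   # 6th character of the mode string is the group write bit
            ?????w*)    echo "BAD  $dir: group-writable ($mode)"; rc=1 ;;
        esac
        case $mode in   # 9th character is the world write bit
            ????????w*) echo "BAD  $dir: world-writable ($mode)"; rc=1 ;;
        esac
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK   every component is owned by uid $want_uid and not group/world writable"
    fi
    return "$rc"
}

# Run against a path given on the command line, e.g.:
#   sh check_chroot.sh /var/www/mainsite.com/public_html/stagesite
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

A directory left at mode 775, as in the question's chmod step, is reported as group-writable even when it is owned by root:root.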

Permission in google cloud sftp

I am using WordPress with Google Cloud and set it up for an SFTP connection. The permissions on folders are 755 and on files are 644. I have even changed the Cloud API access scopes to "allow full connection".
When I try to add a plugin through the WordPress backend it asks me for FTP credentials unless I change to sudo chown -Rf www-data.www-data /var/www/html, but then I can't upload or change any file through SFTP unless I change to sudo chown -R [my-user-name]:www-data /var/www/html.
So I have to change permissions every time I change something, either through SFTP or through the backend.
I solved my problem like so.
First add your username (the SFTP username in my case) to the group www-data
then assign group www-data as an owner
and finally grant permission to www folder.
sudo adduser <username> www-data
sudo chown -R www-data:www-data /var/www
sudo chmod -R g+rwX /var/www
Remember to restart FileZilla or any SFTP client you are using so the changes can take effect.
I think this one might be considered off-topic as this is a Linux permissions issue and not a Google Cloud one, and it has been answered many times. Usually done by adding your Linux user to the webserver group.
Whats the simplest way to edit and add files to “/var/www”
www-data permissions?
[SOLVED] Can't Post Files to /var/www using Filezilla via SFTP on ...

"mount --bind" disappear directory for user

I have a server setup with multiple sites running with nginx
/var/www/site1.com
/var/www/site2.com
I want to create chroot users so I created a group and user
addgroup sftpgroup
adduser sftpuser1 -G sftpgroup
in my sshd_config I updated with:
Subsystem sftp internal-sftp
Match Group sftpgroup
ChrootDirectory /home
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
I am able to connect sftpuser1 via sftp and see the home directory, Now I want user to have access on site's folder at
/var/www/site1.com
so I connected sftpuser1 via sftp and created a folder /home/sftpuser1/sit1.com. Then, with a root login, I created the mount:
mount --bind /var/www/site1.com /home/sftpuser1/sit1.com
Now when I log in with sftp as sftpuser1 the folder '/home/sftpuser1/sit1.com' has disappeared
But when I log in as root I can see the folder in the user's directory and it's displaying site1.com's content.
I checked and the folder permissions were changed to root:root. I chowned it to sftpuser1:sftpuser1 but the folder still doesn't appear.
When I umount the folder, it's visible to sftpuser1 again.
If the owner of /var/www/ is root and others don't have permission to read from it, then all the directories inside won't be visible to them.
I was able to do so. Here are the steps it took. In sshd_config:
Subsystem sftp internal-sftp
Match Group sftpgroup
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
then I created the user with:
useradd -g sftpgroup -d /var/www/site1.com site1user
At this point I make sure that /var/www/site1.com is owned by root
chown root:root /var/www/site1.com
then I created another directory where the user will be able to write
mkdir /var/www/site1.com/http_docs
then I changed the ownership to the user:
chown site1user:sftpgroup /var/www/site1.com/http_docs
then I set the user password:
passwd site1user
and all seems to be working as it should.

Make writeable dir for www-data and user

I'm new to Linux (using Debian). How do I make a writeable dir for a user and for the web server?
I connect to the server via ssh and upload my files. Then I run the following commands:
sudo chown -R www-data:www-data writeable/
sudo chmod -R g+rw writeable/
Then nginx and php (run by the www-data user) write files to writeable. After that I am not able to edit or delete those files.
Please help me. I know that this question has been asked a million times, but I could not find a solution.
Thanks!
Not sure I understand, but I guess you want your dir to be writable for user "www-data" and for another user, let's call it "medvedev".
You can put both users in a group, and grant write permissions for owner (www-data) and group.
usermod -aG medvedev www-data

Update wordpress theme on ec2

I'm hosting a WordPress site on ec2 and I'm trying to update my theme through the admin screen. It's asking me for Hostname and ftp username and password. Is ec2-xxx.compute-1.amazonaws.com:22 my hostname? I tried along with ec2user and root for my ftp username but no luck. What am I doing wrong?
Skip the FTP info altogether and just change the permission of the directory structure where Wordpress is installed.
VIA SSH
sudo chown -R apache:apache path/to/wordpress
sudo makes sure you execute as the root user
chown will change the owner of the directory
-R will make it recursive, so it changes all files and directories within
apache:apache is user:group
And then the path to wordpress. Could be /var/www/html/sitename.com or if you navigate to the folder where Wordpress is installed, you can use a period (.) to tell it to change the current directory.
This will make it so that you can't copy files via sftp though, so it is good to change at least the themes directory back to the ec2-user:ec2-user user and group.
So this changes back to your ssh/sftp user:
sudo chown -R ec2-user:ec2-user path/to/wordpress
You can assign the folders to the ftp user and the apache group and then make them group writable as well. This will allow you to ftp into the directory, and allow everything to be auto updated within Wordpress.
# Set the wp-contents into the apache group and then make files group writable
sudo chgrp -R apache wp-content
sudo chmod -R g+w wp-content
# This makes new files created in wp-content and all of its sub-directories group-writable.
sudo chmod g+s wp-content
Then add this to wp-config.php to force Wordpress to update when only applying this wp-content:
define('FS_METHOD', 'direct');
You can also apply to the whole Wordpress install to auto update Wordpress and not just plugins/themes. If you do this, I would recommend putting your wp-config.php file one directory above your Wordpress install though, so you can lock it down separately.
EDIT: Whenever I am having permission troubles on EC2, I go to site root directory, and paste these lines in. I apply it to the whole Wordpress install these days:
sudo find . -type d -exec chmod 0755 {} \;
sudo find . -type f -exec chmod 0644 {} \;
sudo chown -R ec2-user:apache .
sudo chmod -R g+w .
sudo chmod g+s .
I use something similar on my Mac as well.
In your wp-config.php under directives add this line:
define('FS_METHOD', 'direct');
You can simply solve this problem by doing this via ssh:
sudo chown -R apache path/to/wordpress
then
sudo chmod -R 755 path/to/wordpress
Your hostname would be ec2-107-20-192-98.compute-1.amazonaws.com.
Your username will be the username you use to SFTP to the instance normally - ec2user for some instance types, ubuntu for Ubuntu AMIs, etc. EC2 generally doesn't use passwords, preferring SSH keys, so you'll have to set a password for your account by doing passwd on the commandline.
Try adding FTP credentials to wp-config.php: http://codex.wordpress.org/Editing_wp-config.php and http://codex.wordpress.org/Editing_wp-config.php#WordPress_Upgrade_Constants
That should make WP admin stop asking for FTP details. But depending on how you've set up permissions via the command line, may have to go to the command line to edit files like wp-config.php . And you may not have sufficient permissions to upload and for WP to unzip a theme.
As per other answers, I use SFTP with a server of ec2-xx-xxx-xx-xx.compute-1.amazonaws.com username of ec2-user
ec2-107-20-192-98.compute-1.amazonaws.com:22 represents both the hostname and the ssh port. (SSH is normally on port 22, though it can run on any port.)
Try just ec2-107-20-192-98.compute-1.amazonaws.com in the hostname field.
I'm still skeptical of a webpage asking for a username and password. Seems a bit silly to me, since you should just use SFTP to directly upload whatever content you want using your SSH identity key instead of a password.
You could simply use 127.0.0.1 as hostname and check FTP in Wordpress ftp settings.
To summarize what has been said:
user is the same you actually use to SSH/SFTP
password needs to be set/updated logging in via SSH and typing
sudo passwd your-user-name