On 13-08-18 03:31, mett wrote:
> On Sun, 12 Aug 2018 13:18:23 +0200
> info at smallinnovations dot nl <i...@smallinnovations.nl> wrote:
>
>> On 12-08-18 06:55, mett wrote:
>>> Hi, 
>>>
>>> I'm wondering about the best way to restrict a user after 
>>> he has ssh'd into his web folder.
>>>
>>> Up to now, the users I had were using only FTP 
>>> to log into their web folder, 
>>> and upload stuff in there
>>> (chrooted in their folder with vsftpd).  
>> <snip>
>>> The setup is a devuan server under jessie with apache2 providing
>>> http server.
>>> Then, I use php-fpm to tie user, web-server and php processes.
>>> The passwd file is as below:
>>> 'user01:x:9999:9999:user01,,,:/home/www/example.com/:/bin/bash'.
>>>
>>> TIA
>>> _______________________________________________
>>> Dng mailing list
>>> Dng@lists.dyne.org
>>> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng  
>> When you intend to replace ftp you can start with limiting the user to
>> use sftp only. No need to have a login shell.
>>
>> That part of my sshd_config looks like:
>>
>> Subsystem sftp internal-sftp
>> Match group sftponly
>>     ChrootDirectory /home/%u
>>     X11Forwarding no
>>     AllowTcpForwarding no
>>     ForceCommand internal-sftp
>>
>>
>> Grtz.
>>
>> Nick
>>
> Thanks a lot for the input. 
> I'll definitely have to do it at one point.
>
> Cheers,
BTW I use this configuration combined with a symbolic link from
/var/www/html/website to /home/%u/website. This way it is much safer
than ftp, they cannot log in while they still are able to maintain their
own website. Rsync over SSH is another possibility but SFTP looks more
like FTP and is more user friendly.

Grtz

Nick
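
Added example, not part of the messages above: sshd only accepts a `ChrootDirectory` when every component of the path is a root-owned directory that is not writable by group or others, so the quoted `Match group sftponly` block refuses the login if `/home/%u` itself belongs to the user. The sketch below audits that condition; it expands only `%u`, and the function names and the `user01` sample are assumptions made for illustration.

```python
import os
import stat
from pathlib import PurePosixPath


def chroot_components(template, user):
    """Expand %u in a ChrootDirectory template; list each path component, root first."""
    path = PurePosixPath(template.replace("%u", user))
    if not path.is_absolute():
        raise ValueError("ChrootDirectory must be an absolute path")
    return [str(p) for p in list(path.parents)[::-1]] + [str(path)]


def audit_chroot(template, user, stat_fn=os.stat):
    """Return the problems that would make sshd reject this chroot (empty list = OK).

    stat_fn is injectable so the check can be exercised without root privileges.
    """
    problems = []
    for component in chroot_components(template, user):
        try:
            st = stat_fn(component)
        except OSError as exc:
            problems.append(f"{component}: cannot stat ({exc.strerror})")
            continue
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{component}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{component}: owned by uid {st.st_uid}, not root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{component}: group- or world-writable")
    return problems


if __name__ == "__main__":
    # Sample user name taken from the passwd line quoted in the thread.
    findings = audit_chroot("/home/%u", "user01")
    for line in findings:
        print("FAIL", line)
    if not findings:
        print("OK: every component is root-owned and not group/world-writable")
```

Because the chroot root must stay root-owned, the user needs a subdirectory they own inside it for uploads, such as the `website` directory that the symbolic link points to.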
