Wednesday, June 3, 2015

Create an SFTP-only user to transfer files to and from a WordPress installation

So I heard that you want to give a specific user FTP-style access (read + write) to a specific folder inside your WordPress directory (or any folder) without installing an FTP service. SFTP is one way to achieve that. The steps below use these names:

  • myuser: the user you want to grant access to.
  • /var/www/myvhost: the WordPress installation directory.
  • /var/www/myvhost/the_shared_folder (or the wp-content folder): the folder inside your WordPress root that myuser should be able to access.

1. Create the user and specify the shared folder as her home directory:

$ sudo useradd -d /var/www/myvhost/the_shared_folder myuser
$ sudo passwd myuser

2. Disable shell login on myuser:

$ sudo usermod -s /bin/false myuser

3. Configure ssh:

$ sudo nano /etc/ssh/sshd_config

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match User myuser
        X11Forwarding no
        ChrootDirectory /var/www/myvhost/the_shared_folder
        AllowTcpForwarding no
        PermitTunnel no
        ForceCommand internal-sftp

4. Restart ssh service:

$ sudo service ssh restart

5. Correct the permissions:

Make myuser the owner of the_shared_folder:
$ sudo chown -R myuser:www-data /var/www/myvhost/the_shared_folder

The parent directory (the vhost) should be owned by the root user and the root group (? need to check):
$ sudo chown root:root /var/www/myvhost

Keep write access for users in the www-data group:
$ sudo chmod -R g+w /var/www/myvhost/the_shared_folder

6. Use an FTP client (like FileZilla) to make SFTP connections to your server as myuser, and enjoy.
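
On the "? need to check" in step 5: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others. The script below is an added example, not part of the original post, that walks a path and lists the components breaking that rule; it assumes GNU stat, and component_ok and check_chroot_path are names made up here.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory path.

# component_ok UID MODE: succeeds only if the owner is root (uid 0) and
# the group-write (020) and other-write (002) bits are both clear.
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: checks DIR and every parent up to /, printing
# each component that breaks the rule. Returns 0 only if all pass.
check_chroot_path() {
    case $1 in
        /*) ;;
        *)  echo "need an absolute path: $1"; return 2 ;;
    esac
    p=$1
    rc=0
    while :; do
        if [ ! -d "$p" ]; then
            echo "FAIL $p (not a directory)"
            rc=1
        else
            # GNU stat: numeric owner uid and octal mode, symlinks followed
            meta=$(stat -L -c '%u %a' "$p")
            uid=${meta% *}
            mode=${meta#* }
            if ! component_ok "$uid" "$mode"; then
                echo "FAIL $p (uid=$uid mode=$mode)"
                rc=1
            fi
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Path from the post; run after step 5:
# check_chroot_path /var/www/myvhost/the_shared_folder
```

A FAIL line corresponds to sshd refusing the session with a "bad ownership or modes for chroot directory" error in the auth log.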