Restrict access to other users so they can't see root files ever


#1

Hi guys, love the EasyEngine. I have an issue though:

I’m working with a couple contact designers to develop websites for various clients, and I’ve pitched them the idea of using EasyEngine to increase their performance. Before, my clients were on shared hosts that pretty much took care of this sort of thing already.

I have root access, as a root user with SSH as well as with sFTP on a non-root user with root permissions (part of the group as well as visudo). I need to make sFTP accounts for the designers, and for the client… but I want to make sure they ONLY HAVE ACCESS TO var/www/, rather than the entire server. It’s not about editing the files… I don’t want them to even see them.

This will increase security, and simplify things for them. My problem is… nothing I’m trying is working. Sure, I can chmod things, play with who’s in what group, and all that stuff… but no matter what I do, other users can still see and open any file on the server outside of /root/.

I also want to put a shortcut to www into their user home folder.

How do I do these two things? I’m fairly new to this stuff… which is precisely why I’m using EasyEngine in the first place… so if you could also include a list of commands to enter in your explanations rather than just saying “do that” and “do this” like I typically see here and everywhere else I look, that would be great.


#2

If you want to provide access to /var/www, reset the www-data user’s password using the command passwd www-data

Then, with the user www-data and the new password, your client and designer can log in via SFTP (port 22).

For sharing a single server with multiple users/clients/sites, you may need to wait till we get to - https://github.com/rtCamp/easyengine/issues?milestone=9&state=open


#3

So that’s the only answer? Modify www-data? There has to be a way to create a new user like any other user in Ubuntu, and limit that user’s access to only a specific directory. Come on. :stuck_out_tongue:


#4

There are, of course, many ways to do what you want. You can find many tutorials on Google for them.

In the case of EasyEngine, it will be handled when we start working on the “Shared Hosting” setup. As of now, EasyEngine is set up for the single-user, multiple-sites use case. Though you are free to create users and play with their permissions.

You may try - https://www.digitalocean.com/community/articles/how-to-set-up-proftpd-on-ubuntu-12-04 but at your own risk. We won’t be able to provide any support for them. Sorry.
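
One way to get what post #3 asks for is OpenSSH's built-in SFTP chroot. This is an added example, not part of the original thread and not EasyEngine's own tooling. The group name sftponly, the login designer1 and the www-data group membership are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): chrooted SFTP-only accounts with OpenSSH.
# Assumptions: group name "sftponly", chroot /var/www, GNU stat (Ubuntu).

# Emit the sshd_config stanza; append it to the end of /etc/ssh/sshd_config.
sftp_match_block() {  # $1 = group, $2 = chroot directory
  cat <<EOF
Match Group $1
    ChrootDirectory $2
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# True when an octal mode (as printed by stat) has no group/other write bit.
mode_is_safe() {
  [ $(( 0$1 & 022 )) -eq 0 ]
}

# sshd refuses a ChrootDirectory unless every path component is owned by
# root and not writable by group or others; check that before restarting.
chroot_path_ok() {  # $1 = absolute chroot path
  p=$1
  while :; do
    owner=$(stat -c %u "$p") || return 1
    mode=$(stat -c %a "$p") || return 1
    if [ "$owner" != 0 ] || ! mode_is_safe "$mode"; then
      echo "unsafe for ChrootDirectory: $p (uid=$owner mode=$mode)" >&2
      return 1
    fi
    [ "$p" = / ] && return 0
    p=$(dirname "$p")
  done
}

# Run as root: create one SFTP-only account (no shell, lands in the chroot).
add_sftp_user() {  # $1 = login name
  getent group sftponly >/dev/null || groupadd sftponly
  # -G www-data is an assumption: uploads only work where the site files
  # are group-writable by www-data.
  useradd -M -d / -s /usr/sbin/nologin -g sftponly -G www-data "$1"
  passwd "$1"
}

# Typical order, as root:
#   chroot_path_ok /var/www && sftp_match_block sftponly /var/www >> /etc/ssh/sshd_config
#   sshd -t && service ssh restart
#   add_sftp_user designer1
```

Because the chroot is /var/www itself, these accounts land directly in the www directory and cannot see or list anything above it, so no shortcut in a home folder is needed.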


#5