Restricting access to a directory for a user is a challenging task, nigh on impossible if you want security. In order to give a user access to a single directory, the folder itself and all parent folders above it in the hierarchy must be owned by root. This means they cannot be writable by anyone else, hence our problem.
The way you give a user restricted SFTP access to one directory is simple. You don’t give them access to the home directory.
Instead, we keep restricted access within the root of the server’s filesystem. You create a folder like so:
sudo mkdir -p /var/example
You can then set the owner of /var/example to root:
sudo chown root:root /var/example
Now that this directory is owned by root, you can give root write permissions and give other users read and execute permissions with this command:
sudo chmod 755 /var/example
Now create the subdirectory which will be owned by the new user. This is where the user will be able to upload files:
sudo mkdir -p /var/example/uploads
Then change the ownership rights of the subdirectory to your new user:
sudo chown newuser /var/example/uploads
Set up sshd_config so that you can use SFTP as the new user:
sudo nano /etc/ssh/sshd_config
Then add the following to the bottom of the file:
Match User newuser
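A check for the ownership rule from the first paragraph, as an added example that is not part of the original post: it walks from the restricted directory up to / and reports every component that is not owned by root or is writable by group or others. The function names are hypothetical, and it assumes GNU stat (Linux).

```shell
#!/bin/sh
# Added example: audit the restricted directory against the rule
# "the folder and all of its parents are owned by root and writable by nobody else".
# /var/example is this page's directory; the function names are hypothetical.

# mode_is_safe MODE: succeed when an octal mode (as printed by `stat -c %a`)
# has neither the group-write (020) nor the other-write (002) bit set.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_restricted_path DIR: walk from DIR up to /, printing each component
# that fails the rule. Returns 0 when the whole chain is clean, 1 otherwise.
check_restricted_path() {
    # Resolve symlinks so the real parent chain is inspected.
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "cannot resolve directory: $1" >&2
        return 1
    }
    status=0
    while :; do
        owner=$(stat -c %u "$dir")   # numeric owner uid
        mode=$(stat -c %a "$dir")    # permission bits in octal
        if [ "$owner" -ne 0 ]; then
            echo "$dir: owned by uid $owner, expected 0 (root)"
            status=1
        fi
        if ! mode_is_safe "$mode"; then
            echo "$dir: mode $mode is writable by group or others"
            status=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return "$status"
}

# Run the audit only when a directory is given, e.g.: sh check.sh /var/example
# Point it at /var/example, not at uploads, which is meant to be user-owned.
if [ "$#" -gt 0 ]; then
    check_restricted_path "$1"
fi
```
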
The problem I ran into is that I wasn’t able to access these files from my home directory.
The solution is to create a crontab using the following command – this will open the crontab file:
Then in the file, you can use a cronjob to move the file to the desired directory within the home directory:
0 6 * * * /bin/mv /var/example/uploads/file.html /var/www/html/path/to/directory
Press CTRL + C to leave the directory and your cronjob is now set up.
This is the workaround I went with… Maybe it’ll help you too!