Create new ssh user account to access specific folder only

I have an apache2 server running on ubuntu 16.04, for now everytime i access my project files inside a specific folder i use root user for running php function and edit some files, after i finish i need to run chown -R www-data:www-data . inside a terminal, because after i run my php function the file owner will become user:user (root:root). what i need is:

  1. Create new user for my server
  2. When access my server using ssh this user will be inside a specific folder automatically
  3. Grant this user a permission to do anything inside this specific folder

For example, Create a user named tonya, when someone access server using user tonya ssh [email protected], he will be redirected to /var/www/specific_folder, user tonya can do anything inside this folder and when tonya set the php file owner or folder to tonya:www-data it will work like when i set the file owner to www-data:www-data


Solution 1:

You should be able to accomplish this with

adduser --home /var/www/specific_folder --shell /bin/bash --no-create-home --ingroup www-data --ingroup ssh tonya
  • adduser is used to add a user

  • --home specifies home directory which is where the user will be when they log in

  • --shell is to specify the shell, by default it is usually just /bin/sh which is not as user friendly as /bin/bash

  • --no-create-home will not create the home directory so you must use one that already exists

  • --ingroup adds the user to specified group

  • the last argument is the username

You could make the user jailed using this guide:

  • Restrict SSH User Access to Certain Directory Using Chrooted Jail

Please remember that even if you jail a user, it is very possible to escape a jail. If you're giving a user access to your system, you may as well be giving them root access because once they have shell access, it's almost always possible to gain root. Setting up a jail will most likely keep a basic user from doing anything too harmful but will do little to nothing to stop a malicious user from doing harmful stuff.