Granting a sftp user access to a /var/www directory

Solution 1:

This is the process:

1. Add the user to the group: sudo usermod -aG www blub as in Whats the simplest way to edit and add files to "/var/www"?

   or just use sudo adduser <username> www-data

2. Install vsftpd sudo apt-get install vsftpd

3. Configure vsftpd for remote access: sudo nano /etc/vsftpd.conf and inside the file set

   chroot_local_user=YES
   

   and ensure this is commented out:

   #chroot_list_enable=YES
   

   as per documentation.

4. Restart nsftp: sudo service vsftpd restart

5. Configure the user's home directory to the web directory (not in /home):

   sudo usermod -d /var/www/mysite/ftpaccessdir <username>
   

6. Configure ssh chroot

   sudo nano /etc/ssh/sshd_config
   

   add the following to the end:

   Subsystem  sftp  internal-sftp
   Match user <username>
       ChrootDirectory /var/www/site
       ForceCommand internal-sftp
   AllowTcpForwarding no
   

   and ensure that further up in the file that this is commented out (ie before the one you just added)

   #Subsystem sftp /usr/lib/openssh/sftp-server
   

7. Restart ssh

   sudo service ssh restart
   

8. Change the permissions for apache:

   chown root:root /var/www
   chown root:root /var/www/site
   chmod 755 /var/www
   

   As in the docs here.

9. Ensure that your directory has www-data access

   sudo chown -R www-data:www-data /var/www/site
   chmod 755 /var/www/site
   

Solution 2:

If you are getting connection refused error at end then make sure that "Subsystem sftp internal-sftp" is place after "UsePAM yes". If not then update and Restart ssh and it worked.

Solution 3:

I've a simple method and that worked for me for apache.

sudo useradd -d /var/www demo_user -g www-data
sudo passwd demo_user
sudo service ssh restart

That's it in case you still face permission issue use chmod and chown to address them according to your needs.