Granting a sftp user access to a /var/www directory

Solution 1:

This is the process:

  1. Add the user to the group: sudo usermod -aG www blub as in Whats the simplest way to edit and add files to "/var/www"?

    or just use sudo adduser <username> www-data

  2. Install vsftpd sudo apt-get install vsftpd
  3. Configure vsftpd for remote access: sudo nano /etc/vsftpd.conf and inside the file set

    chroot_local_user=YES
    

    and ensure this is commented out:

    #chroot_list_enable=YES
    

    as per documentation.

  4. Restart nsftp: sudo service vsftpd restart
  5. Configure the user's home directory to the web directory (not in /home):

    sudo usermod -d /var/www/mysite/ftpaccessdir <username>
    
  6. Configure ssh chroot

    sudo nano /etc/ssh/sshd_config
    

    add the following to the end:

    Subsystem  sftp  internal-sftp
    Match user <username>
        ChrootDirectory /var/www/site
        ForceCommand internal-sftp
    AllowTcpForwarding no
    

    and ensure that further up in the file that this is commented out (ie before the one you just added)

    #Subsystem sftp /usr/lib/openssh/sftp-server
    
  7. Restart ssh

    sudo service ssh restart
    
  8. Change the permissions for apache:

    chown root:root /var/www
    chown root:root /var/www/site
    chmod 755 /var/www
    

    As in the docs here.

  9. Ensure that your directory has www-data access

    sudo chown -R www-data:www-data /var/www/site
    chmod 755 /var/www/site
    

Solution 2:

If you are getting connection refused error at end then make sure that "Subsystem sftp internal-sftp" is place after "UsePAM yes". If not then update and Restart ssh and it worked.

Solution 3:

I've a simple method and that worked for me for apache.

sudo useradd -d /var/www demo_user -g www-data
sudo passwd demo_user
sudo service ssh restart

That's it in case you still face permission issue use chmod and chown to address them according to your needs.