SFTP Access Restricted with new Sudo Root User
So in attempts to secure my server a bit, I created a new user with su - root access and denied root login. Now I can't SFTP any files on my server through Filezilla with this user. These are the steps I took :
- Created new user, new pass, SSH'd to the server, checked it, checked that I could switch user to root (all went well)
- Edited
/etc/ssh/sshd_config
fromPermitRootLogin yes
toPermitRootLogin no
with Filezilla SFTP. - Restarted SSHD service.
- Double checked again to ensure that new user had root access via SSH. All was fine.
Now, unfortunately, when SFTPing through Filezilla with new user/pass, I can access and view all the directories/files in my server, but I can't open/read/edit them.
Is there a permissions setting I need to change as root user for new user to be able to do this? Have I some how shot myself in the foot?
Edit : Ok, so as root is chmod'd the file 777, and this allowed me to view/edit as new user, but is there a way to simply grant a user all of these permissions for SFTP, but not the public/anyone else?
With regard to your edit about how to limit permissions, a traditional Unix idiom is to have a wheel group. You can create a group, give membership to the group to the user logging in via SFTP, and then change the group on the files you wish to have your user edit to group. Once you've done that, you can use chmod to give the group permissions without granting those permissions to everyone.
Many Unix distributions will already have a wheel or root or admin group, which is good for making sure anyone who checks up on your work later (including you if you forgot what you did) doesn't have to guess at what's going on and why, but sometimes that group will already have extra permissions granted to it that you will not want automatically granted to your SFTP user. Additionally, depending on what files you're concerned with, other scripts and utilities may expect specific group permissions on these files and if you change them, things will unexpectedly break. For these reasons, you may want to check documentation specific to whatever flavor of OS you're using before you make this change.