chrooted sftp user with write permissions to /var/www
What I've done is to chroot my users to their home directories and then used mount --bind to create a link to it in their home directories.
I then used setfacl to make sure www-data maintains write permissions on new files in the directory. This effect will recurse into /var/www, which is what you want to do.
By setting g+s on the directory, all new files and directories created within it will inherit the group ownership from its parent.
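# create the user and a mount point inside the home directory
useradd someuser
mkdir -p /home/someuser/www
# make /var/www visible inside the chroot
mount --bind /var/www /home/someuser/www
# new files and directories inherit the parent's group
chmod g+s /home/someuser/www
chown -R someuser:www-data /home/someuser/www
# default ACL: the group gets rwx on newly created files
setfacl -d -m g::rwx /home/someuser/www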
That should do the trick.
Make your mounts persistent
Obviously you want your mounts to still be there when you reboot the server. It's as simple as adding the mounts to your /etc/fstab. Not all providers let you touch this file, but most do.
Just add lines like this:
/var/www /home/someuser/www none bind 0 0
You might want to reboot to make sure it works.
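
A way to check the setup above before rebooting, as an added example that is not part of the original answer: it looks for an active bind entry in the fstab, the setgid bit and the default group ACL on the mount point. The function names are hypothetical, and the paths in the commented call are the ones used in the answer.

```shell
#!/bin/sh
# Added example: read-only checks for the bind-mount setup described above.
# Function names are hypothetical; nothing here modifies the system.

# has_bind_entry FSTAB SRC DST: succeed if FSTAB has an active line that
# bind-mounts SRC on DST (option field contains "bind" or "rbind").
has_bind_entry() {
    awk -v src="$2" -v dst="$3" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        $1 == src && $2 == dst {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "bind" || opts[i] == "rbind") found = 1
        }
        END { exit !found }
    ' "$1"
}

# has_setgid DIR: succeed if DIR is a directory with the setgid bit (chmod g+s).
has_setgid() {
    [ -d "$1" ] && [ -g "$1" ]
}

# has_default_group_rwx DIR: succeed if the default ACL gives the group rwx
# (what "setfacl -d -m g::rwx" sets). Fails if getfacl is not installed.
has_default_group_rwx() {
    getfacl "$1" 2>/dev/null | grep -qx 'default:group::rwx'
}

# report SRC DST [FSTAB]: print one line per failed check; non-zero on failure.
report() {
    rc=0
    has_bind_entry "${3:-/etc/fstab}" "$1" "$2" || { echo "FAIL fstab bind entry $1 -> $2"; rc=1; }
    has_setgid "$2"            || { echo "FAIL setgid bit on $2"; rc=1; }
    has_default_group_rwx "$2" || { echo "FAIL default ACL group::rwx on $2"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK $1 -> $2"
    return "$rc"
}

# Example call with the answer's paths (uncomment on the server):
# report /var/www /home/someuser/www
```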