Score:2

Allow user for SSH in web root

I have a setup for nginx which has always worked well. I can create different users with multiple websites. (Debian 11)

For this I use the following commands

useradd -m myuser
mkdir -p /var/www
chmod -R 555 /var/www
mkdir -p /var/www/webuser
chown root:root /var/www/webuser

useradd webuser
usermod webuser -s /bin/false
usermod webuser -d /var/www/webuser

mkdir -p /var/www/webuser/html
mkdir -p /var/www/webuser/logs
chmod 750 /var/www/webuser/html
chmod 750 /var/www/webuser/logs

chown -R webuser:www-data /var/www/webuser/html
chown -R webuser:www-data /var/www/webuser/logs
chmod -R g+s /var/www/webuser/html

groupadd sftpGroup
usermod -a -G sftpGroup webuser

This is not yet a sshd_conf

Subsystem sftp internal-sftp
Match Group sftpGroup
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

Is there a way to give the user webuser SSH access to his directory?

Score:2

Yes, it is possible. First we need to change the shell for webuser:

usermod webuser -s /bin/bash

Then go to /etc/ssh/sshd_config and modify it accordingly:

Subsystem sftp internal-sftp

# For SFTP access with chroot
Match Group sftpGroup
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

# For SSH access
Match Group sshGroup
    AllowTcpForwarding yes
    X11Forwarding no

Then create a new group:

groupadd sshGroup
usermod -a -G sshGroup webuser

Then restart ssh:

systemctl restart ssh

And it should work.
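
Added example, not part of the original answer: a simplified Python model of how sshd resolves overlapping Match Group blocks (the first value obtained for a keyword wins, and Match values override the global section), run against the config above for a user in both sftpGroup and sshGroup and for a user only in sshGroup. The function names are made up for this sketch; on a live host, `sshd -T -C user=webuser` prints the values sshd actually applies.

```python
# Simplified model of sshd_config Match resolution; not sshd's own parser.
# Assumption: only "Match Group a,b" with literal names is understood.

# The config from the answer, embedded as sample input.
SSHD_CONFIG = """\
Subsystem sftp internal-sftp
# For SFTP access with chroot
Match Group sftpGroup
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
# For SSH access
Match Group sshGroup
    AllowTcpForwarding yes
    X11Forwarding no
"""


def effective_settings(config_text, user_groups):
    """Return the {keyword: value} map that applies to a user in user_groups."""
    global_opts, match_opts = {}, {}
    target = global_opts  # lines before the first Match are global
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, value = parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = value.split()
            hit = (len(crit) == 2 and crit[0].lower() == "group"
                   and set(crit[1].split(",")) & set(user_groups))
            target = match_opts if hit else None  # None: skip this block
        elif target is not None:
            target.setdefault(keyword, value)  # first obtained value wins
    return {**global_opts, **match_opts}  # Match values override globals


def shell_blockers(settings):
    """Settings that keep this user from an ordinary interactive shell."""
    # With ChrootDirectory, a shell must also exist inside the chroot.
    return [f"{k} {settings[k]}" for k in ("forcecommand", "chrootdirectory")
            if k in settings]


if __name__ == "__main__":
    for groups in (["sftpGroup", "sshGroup"], ["sshGroup"]):
        print(groups, shell_blockers(effective_settings(SSHD_CONFIG, groups)))
```

In this model, a user who is still a member of sftpGroup keeps ForceCommand internal-sftp and the chroot even after being added to sshGroup; only the sshGroup-only user has no blockers.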
