So, I am trying to do the following. I have a DigitalOcean Ubuntu server with SSH keys login by default.
I need to create another user that should only have access to the /var/www/mysite.com/public/b folder. My process was the following:
1. Creating a new user using the following command:
    adduser \
      --home /var/www/mysite.com/public/b \
      --shell /bin/bash \
      --no-create-home \
      --ingroup www-data \
      --ingroup ssh \
      testuser
2. Then, as I wasn't sure how to handle this with a keypair, I enabled password login via SSH in the sshd_config file like this:
    PasswordAuthentication yes
3. After doing this I was able to open the site via both SSH and SFTP with the user and password combination, but the user had access to everything.
4. I tried using this inside sshd_config in order to limit the user to his home folder:
    Subsystem sftp internal-sftp
    ......
    Match User testuser
        ChrootDirectory /var/www/mysite.com/public/b
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
5. After adding that part I was no longer able to log in via SSH.
I checked the /var/log/auth.log file and the error related to this was:
    fatal: bad ownership or modes for chroot directory component "/var/www/mysite.com/"
The ownership of my site is www-data:root throughout all the folders.
The permissions are like this:
Another issue I was having was that even when I managed to connect I wasn't able to upload anything. Even after adding the user to the root group, nothing changed. I tried owning the folder with www-data:www-data but there was no difference.
Is there an easy way to do this?
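
The auth.log error above comes from the check sshd_config(5) documents for ChrootDirectory: every component of the path must be a root-owned directory that is not writable by group or others. The script below is an added example, not part of the original post, that audits a path against that rule; the function names are hypothetical and GNU stat (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: audit a path against sshd's ChrootDirectory ownership rule.
# Function names are hypothetical; GNU stat (as on Ubuntu) is assumed.

# Print "uid octal-mode file-type" for one path.
stat_component() { stat -c '%u %a %F' "$1"; }

# True only for a directory owned by uid 0 with no group/other write bit.
chroot_component_ok() {  # args: uid mode type
    [ "$3" = "directory" ] && [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Check "/" and every component down to the target; return 1 if any fails.
check_chroot_path() {
    cur=$1 chain="" bad=0
    case $cur in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    while [ "$cur" != "/" ]; do          # collect components, top-most first
        chain="$cur
$chain"
        cur=$(dirname "$cur")
    done
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        info=$(stat_component "$dir") || { echo "BAD  $dir (cannot stat)"; bad=1; continue; }
        set -- $info                     # $1=uid $2=mode $3=type
        if chroot_component_ok "$1" "$2" "$3"; then
            echo "ok   $dir (uid=$1 mode=$2)"
        else
            echo "BAD  $dir (uid=$1 mode=$2 type=$3)"; bad=1
        fi
    done <<EOF
/
$chain
EOF
    return "$bad"
}

# Usage: sh check_chroot.sh /var/www/mysite.com/public/b
if [ "$#" -gt 0 ]; then check_chroot_path "$1"; fi
```

Because the chroot target itself has to pass this check, uploads need a subdirectory below it that the SFTP user can write to.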