Create new ssh user account to access specific folder only
You should be able to accomplish this with
adduser --home /var/www/specific_folder --shell /bin/bash --no-create-home --ingroup www-data --ingroup ssh tonya
- adduser is used to add a user
- --home specifies home directory which is where the user will be when they log in
- --shell is to specify the shell, by default it is usually just /bin/sh which is not as user friendly as /bin/bash
- --no-create-home will not create the home directory so you must use one that already exists
- --ingroup adds the user to specified group
- the last argument is the username
You could make the user jailed using this guide:
Please remember that even if you jail a user, it is very possible to escape a jail. If you're giving a user access to your system, you may as well be giving them root access because once they have shell access, it's almost always possible to gain root. Setting up a jail will most likely keep a basic user from doing anything too harmful but will do little to nothing to stop a malicious user from doing harmful stuff.
simple guy
Updated on September 18, 2022
Comments
-
simple guy over 1 year
I have an apache2 server running on Ubuntu 16.04. For now, every time I access my project files inside a specific folder I use the root user for running PHP functions and editing some files. After I finish I need to run
chown -R www-data:www-data .
inside a terminal, because after I run my PHP function the file owner will become user:user (root:root). What I need is:
- Create a new user for my server
- When accessing my server using ssh, this user will be inside a specific folder automatically
- Grant this user permission to do anything inside this specific folder
For example, create a user named tonya. When someone accesses the server using user tonya
ssh [email protected]
, he will be redirected to /var/www/specific_folder. User tonya can do anything inside this folder, and when tonya sets the PHP file owner or folder to tonya:www-data
it will work like when I set the file owner to www-data:www-data
-
Panther about 6 years
See also askubuntu.com/questions/46331/…
-
simple guy about 6 years
Why are there 2 ingroup? How can this user get my root access?
-
Desultory about 6 years
One ingroup for ssh and one for www-data, and I'm not saying that they will be able to get root access, but you should never allow a user on your system if you don't trust them because once they have shell access on your system, they're 50% the way to root basically. New exploits are discovered daily and because of that, you can never consider a system to be secure.
-
simple guy about 6 years
@Desultory when I change my PHP file owner from www-data:www-data to tonya:www-data it gives me a file permission error when I try to access the PHP from the browser
-
Desultory about 6 years
You should probably change the permissions of the file so that it is group based and not owner based. I don't know if php requires the execute permission but it definitely needs the read permission. Permissions can be explained here: help.ubuntu.com/community/FilePermissions
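The group-based permission change suggested in the last comment, as an added example that is not part of the original thread: it lists the files the group cannot read and resets a tree so the owner writes and the group only reads. The function names and the temporary directory standing in for /var/www/specific_folder are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the thread). On a real server the tree would be
# owned tonya:www-data, with the web server reading files through the group.
# Nothing below needs root; it only inspects and changes mode bits.

# List regular files the group cannot read. With owner tonya and group
# www-data, these are the files the web server would be denied.
list_group_unreadable() {
    find "$1" -type f ! -perm -g=r
}

# Switch a tree to group-based access:
#   directories 2750: owner full, group may list and enter, others nothing;
#                     setgid makes new files inherit the directory's group
#   files        640: owner read/write, group read-only, others nothing
make_group_based() {
    find "$1" -type d -exec chmod 2750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Constructed demo in a throwaway directory (stand-in for /var/www/specific_folder).
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/specific_folder"
    # Reproduce an owner-only file, as a restrictive umask would create it.
    ( umask 077; echo '<?php echo "ok";' > "$root/specific_folder/index.php" )
    echo "before: $(list_group_unreadable "$root/specific_folder" | wc -l) file(s) unreadable by group"
    make_group_based "$root/specific_folder"
    echo "after:  $(list_group_unreadable "$root/specific_folder" | wc -l) file(s) unreadable by group"
    rm -rf "$root"
}
demo
```

Running list_group_unreadable on its own is a non-destructive audit; make_group_based removes all access for "other", so run it only on a tree that nothing outside the owner and group needs to read.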