Timeline for Allowing SSH/SFTP access to only part of file system
Current License: CC BY-SA 4.0
14 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Aug 3, 2024 at 11:41 | comment | added | TSG | I have requested technical support from a vendor of a WordPress plugin, who needs access to the /var/www/html directory, but for security reasons I want to keep them out of the rest of the system. | |
| Aug 1, 2024 at 2:29 | comment | added | muru |
@TSG why? Does your web server actually need to write to /var/www/html?
|
|
| Jul 31, 2024 at 17:24 | comment | added | G-Man Says 'Reinstate Monica' | This question is similar to: Restricting an SSH/SCP/SFTP user to a directory. If you believe it’s different, please edit the question, make it clear how it’s different and/or how the answers on that question are not helpful for your problem. | |
| Jul 31, 2024 at 16:12 | history | edited | TSG | CC BY-SA 4.0 |
added 313 characters in body
|
| Jul 31, 2024 at 15:31 | history | edited | TSG | CC BY-SA 4.0 |
added 224 characters in body
|
| Jul 31, 2024 at 15:25 | review | Close votes | |||
| Aug 16, 2024 at 3:07 | |||||
| Jul 31, 2024 at 15:12 | comment | added | TSG | That question (and solution) assume that root is the owner of the directory in question. In my case, the /var/www/html directory must be owned by apache...and I can't change that (without messing up web services) | |
| Jul 31, 2024 at 15:09 | comment | added | muru | The reason you need to restrict permissions on the directory is that theoretically it's possible for them to break out of the chroot jail if they can modify the chroot directory. | |
| Jul 31, 2024 at 15:06 | comment | added | Stéphane Chazelas | Possible duplicate of Restricting an SSH/SCP/SFTP user to a directory | |
| Jul 31, 2024 at 15:04 | comment | added | Stéphane Chazelas |
Searching for sftp chroot should point you in the right direction.
|
|
| Jul 31, 2024 at 15:03 | comment | added | TSG | Actually SFTP would be fine! (Didn't think of that). Still unsure of how to do this, but I'll update my question. | |
| Jul 31, 2024 at 15:02 | history | edited | TSG | CC BY-SA 4.0 |
added 215 characters in body
|
| Jul 31, 2024 at 15:02 | comment | added | Stéphane Chazelas |
ssh or sftp? If ssh, they'd also need access to the shell and whatever command they need to use over ssh.
|
|
| Jul 31, 2024 at 15:01 | history | asked | TSG | CC BY-SA 4.0 |