WebFaction

Is it possible to create a login that would allow a user to SFTP into a webapp's subfolder but not get anywhere else?

asked 02 Oct '12, 10:28

tclancy
861515
accept rate: 6%


Instructions for doing this are available in our documentation: Granting Access to Specific Users


answered 02 Oct '12, 11:10

seanf
12.2k41836
accept rate: 37%

Ah perfect. Sorry for missing that.

(02 Oct '12, 14:50) tclancy

You're very welcome, and no need to apologize :)

(02 Oct '12, 15:00) seanf

Hi Sean and Webfaction Team,

I have never used WebFaction (but maybe will in a few days if I can do what I want ! :) )

My need is the same as tclancy so it seems to be possible. But I have read the link you gave him and unfortunately, I need some confirmation.

My need: I will have a website for my client on my webfaction server. Every day, a service will put a file on a "dedicated" ftp. By dedicated, I mean (that's what they want) that there will be only the file they put every day on it and they are the only to have the access.

If I understand well, I can create a SFTP user for them, create a specific directory on my server and give them the access only to this directory. In this case, when they will launch their SFTP command, they will be connected to this directory where they can put their file.

Can you confirm it works this way ?

On the second hand, I have to retrieve this file and import the data in my website. I will just have to launch simple script on my server, or maybe better, I have directly access to it from my website. Is it ok too ?

Sorry if my questions seem weird or even stupid... but this area is not my best !

Thanks for the answer, Have a great day,

Bastien


answered 10 Feb '14, 16:51

bastien
724
accept rate: 0%

That's mostly correct, with the following exceptions:

> If I understand well, I can create a SFTP user for them, create a specific directory on my server and give them the access only to this directory. In this case, when they will launch their SFTP command, they will be connected to this directory where they can put their file.

Not exactly - when the user connects via SFTP, they will be in whatever directory their SFTP client is configured to put them in. By default, that will be their home directory, i.e. /home/username. If they want to be in some other directory by default, then they can use their SFTP client's connection settings to control that.

> On the second hand, I have to retrieve this file and import the data in my website. I will just have to launch simple script on my server, or maybe better, I have directly access to it from my website. Is it ok too ?

Sure, as long as you set the permissions on the directory so that both your SFTP user and your main user can access the contents, then you should have no problem doing that.

(10 Feb '14, 17:27) seanf

Thanks a lot Sean for the clear and so quick reply. I will try this soon.

(10 Feb '14, 20:22) bastien


Hi,

I continue the thread where I wrote my first question. I am now a webfaction client :)

I have a main user called bastien and I created a new user called patrick. The new user has a home directory called /home/patrick. Patrick has only an access through sftp (no shell).

Every week, a file will be put in /home/patrick with sftp.

Bastien is the main user. So I thought he has the permissions to go in patrick's home directory, but it doesn't work.

I read the documentation and tried to change the permissions for Bastien doing : setfacl -Rm u:bastien:rw /home/patrick

It doesn't work: "permission denied". I think it's logical... but I don't know how to grant bastien the rights to access the patrick directory. As patrick has only a sftp access, I do all these changes with the user bastien.

Thanks a lot for your answer (I am sure it's pretty easy !!!)

Bastien


answered 28 Apr '14, 09:03

bastien
724
accept rate: 0%

I tried to do:

    su -s /bin/bash patrick

After being connected as patrick, I wrote this:

    setfacl -Rm u:bastien:rw .
    setfacl -Rm g:bastien:rw .

So now, I can see the permission for user and group bastien for the directory /home/patrick, using getfacl .

But when I come back to user bastien in his home directory (/home/bastien), I tried to cp or mc a file, and "permission denied".

I don't know what to do more than having the permission rw on /home/patrick.

Thanks for your help

(28 Apr '14, 09:24) bastien
(28 Apr '14, 09:29) bastien
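
An added example (not from the thread or from WebFaction's documentation) for the "permission denied" situation described in the post above: it applies the POSIX ACL check order to `getfacl` output and reports whether a user can actually work inside a directory. The ACL text is constructed, assuming the thread's `setfacl -Rm u:bastien:rw .` was applied to a directory owned by patrick; the function names are hypothetical.

```python
import re

# Constructed sample (assumption): `getfacl /home/patrick` after the thread's
# `setfacl -Rm u:bastien:rw .` and `g:bastien:rw`; not output from a real host.
SAMPLE = """\
# file: home/patrick
# owner: patrick
# group: patrick
user::rwx
user:bastien:rw-
group::---
group:bastien:rw-
mask::rw-
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perm_set), ...])."""
    meta, entries = {}, []
    for line in text.splitlines():
        m = re.match(r"#\s*(owner|group):\s*(\S+)", line)
        if m:
            meta[m.group(1)] = m.group(2)
        elif line.strip() and not line.startswith(("#", "default:")):
            tag, qual, perms = line.split()[0].split(":")[:3]
            entries.append((tag, qual, set(perms) - {"-"}))
    return meta.get("owner"), meta.get("group"), entries

def allowed(acl_text, user, groups, want):
    """POSIX ACL check order: owner, named user, groups, other."""
    owner, ogroup, entries = parse_getfacl(acl_text)
    get = lambda tag, qual: [p for t, q, p in entries if (t, q) == (tag, qual)]
    mask = (get("mask", "") or [set("rwx")])[0]   # mask caps named users and groups
    if user == owner:
        return set(want) <= get("user", "")[0]    # owner entry is not masked
    if get("user", user):
        return set(want) <= get("user", user)[0] & mask
    matching = [p for t, q, p in entries if t == "group" and (q or ogroup) in groups]
    if matching:
        return any(set(want) <= p & mask for p in matching)
    return set(want) <= get("other", "")[0]

def diagnose_dir(acl_text, user, groups):
    """Say what `user` can do in a directory that carries this ACL."""
    can = {p: allowed(acl_text, user, groups, p) for p in "rwx"}
    if not can["x"]:
        return "blocked: no search (x) permission, entries cannot be opened or created"
    if can["r"] and can["w"]:
        return "ok: can list, open and create entries"
    return "partial: search only (r=%s, w=%s)" % (can["r"], can["w"])
```

With `setfacl`, the capital `X` permission (for example `u:bastien:rwX`) grants search on directories without marking regular files executable. Every parent directory on the path also needs search permission for that user.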

question asked: 02 Oct '12, 10:28

question was seen: 10,340 times

last updated: 28 Apr '14, 09:29
