Allow the external contractor to access the apache web folder only. Option: SFTP imprisonment

advertisements

Following Problem: We run a CentOS webserver and would like to grant access for an external contractor which only needs to access our webfolder ''/var/www' to Modify/Upload files.

What I tried was setting up SFTP jailing (according to the following documentation: http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/), but I can't make it work because of the following reason: The whole webfolder has assigned the Apache User apache:apache as usual in CentOS. But SFTP needs to have root:root ownership otherwise following error appears:

fatal: bad ownership or modes for chroot directory component "/var/www/" [postauth]

So how can I setup SFTP or an other solution in order to keep the "www" folder apache:apache owned and allow an other user to access it?

Are there other options to solve this problem then SFTP or is SFTP the right thing to do?

Thank you in advance for your help!


Well, you'd need to make sure that you've set the proper permissions and ownership for the SFTP directory. Also, make sure the jailed user home directory is owned by root:root and chmod it to 755 (so 'Other' user can execute it)..

chown root:root /home/$SFTPUSER
chmod 755 /home/$SFTPUSER

Also, you'd need to make sure that the original web directory is owned by $SFTP user and apache, along with permission 2775.