I currently setup a single user on my virtual host like this:
sudo useradd -d /website/ -m user -s /usr/bin/rssh sudo chown root:root /website/ -R #Don't get why I need this part but doesn't work without! sudo chmod 755 /website/ sudo chown -R user:www-data /website/public_html sudo chmod 755 /website/public_html
This works for
user to add and edit folders and files within
I now want to be able to add other users with the ability to add and edit folders and files within
/website/public_html. The issue with this, is that if I get into using groups and add users to the group
www-data and change the chmod to 775 the users will then be able to edit other virtual hosts websites for example
All users (as you can see above) can only access the server through sftp (
-s /usr/bin/rssh). Users are also locked to their home directories with the help of settings from
sshd_config†. As of that I suppose I could add all the users to the same group (
chmod 775 the directory or is that not safe ?
For example here someone mentions that giving the virtual hosts
775 permissions may allow for users to insert php scripts that could delete everything. But without it being
775 this also does not allow for php to create files.
Match user user ChrootDirectory /website/ ForceCommand internal-sftp AllowTcpForwarding no GatewayPorts no X11Forwarding no
You can create a new group for each virtual host and add www-data and other granted users to this. Then set that group as the owner of your files (chown). With specifying an appropriate permission (like 775) you will be there.