Multiple secured ftp accounts with separate home directory access using Ubuntu 16, NginX, vsftpd, letsencrypt
I have a LEMP environment with Ubuntu 16 Xenial Xerus and NginX. I'm also using letsencrypt to encrypt my sites.
Hypothetically, say I have two developers (myuserA1 & myuserB2) working on two of my sites (mySiteX1.com, mySiteY2.net).
myuserA1 working on website mySiteX1.com and
myuserB2 working on website mySiteY2.net
Now
1) I'd like myuserA1 to access (read, write) only the home directory (and subfolders) of mySiteX1.com, nothing else, and the same for myuserB2 with mySiteY2.net
2) I'd like users to connect with some sort of secure way
I have followed various documentation and approaches and couldn't get this right.
Earlier:
1) I was able to do the above with FTP access without encryption.
2) I was able to assign each user a directory with read/write access, but the users could also access the root directory (read only). This shouldn't happen.
3) I was able to assign each user a directory with read-only access. This shouldn't happen.
Now I have gone through the following documentation
https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps
and done the following steps.
4) I'm stuck again; this time I can't even log in: access denied.
Please help
-> Created a group
groupadd myGroup
-> add two users
adduser myuserA1
adduser myuserB2
-> with password
password123
-> add users to the group
usermod myuserA1 -g myGroup
usermod myuserB2 -g myGroup
-> no shell access?
usermod myuserA1 -s /bin/false
usermod myuserB2 -s /bin/false
-> Set the home directory
usermod myuserA1 -d /var/www/mySiteX1.com/html
usermod myuserB2 -d /var/www/mySiteY2.net/html
->
sudo usermod -a -G myGroup myuserA1
sudo usermod -a -G myGroup myuserB2
-> Change ownership
sudo chown -R myuserA1:myGroup /var/www/mySiteX1.com/html
sudo chown -R myuserB2:myGroup /var/www/mySiteY2.net/html
My vsftpd.conf looks like the following (full)
listen=NO
listen_ipv6=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem ##? Is this correct?
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key ##? Is this correct?
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
My sshd_config looks like the following (part of it)
UsePAM yes
ClientAliveInterval 120
ClientAliveCountMax 2
Subsystem sftp internal-sftp
Match Group myGroup
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
It's not completely clear to me now what you want and what isn't working. You probably want to chown the root directory /var/www/site1 to root and the html/ to your user.
Be sure you choose between SFTP and VSFTP. If you want to use the tutorial mentioned above, don't follow the steps you have done here but follow the ones in that tutorial; don't do both.
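An added example (not from the original posts), tied to the `ChrootDirectory %h` block in the question and the chown advice in the answer: sshd accepts a chroot directory only if every component of its path is owned by root and not writable by group or others, so a home directory chowned to the user is rejected at login. The script below checks that rule; it assumes GNU stat, and uid 1001 and the two sample listings are constructed.

```sh
# Added example: audit a path against sshd's ChrootDirectory rule
# (sshd_config(5)): each component root-owned, not group/other writable.

# Print "uid mode path" for DIR and each parent directory up to /.
list_components() {
    _p=$(cd "$1" && pwd -P) || return 2
    while :; do
        stat -c '%u %a %n' "$_p"
        [ "$_p" = "/" ] && break
        _p=$(dirname "$_p")
    done
}

# Read "uid mode path" lines on stdin; return 1 if sshd would reject any.
check_components() {
    _rc=0
    while read -r _uid _mode _path; do
        if [ "$_uid" -ne 0 ]; then
            echo "REJECT $_path: owner uid $_uid, must be root (0)"; _rc=1
        elif [ $(( 0$_mode & 022 )) -ne 0 ]; then
            echo "REJECT $_path: mode $_mode is group/other writable"; _rc=1
        else
            echo "ok     $_path"
        fi
    done
    return $_rc
}

# Audit a real directory: 0 = usable as chroot, 1 = rejected, 2 = missing.
audit_chroot() {
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 2; }
    list_components "$1" | check_components
}

# Constructed listings, not real stat output; uid 1001 stands in for myuserA1.
# ChrootDirectory %h with the home directory set in the question:
QUESTION_LAYOUT='1001 755 /var/www/mySiteX1.com/html
0 755 /var/www/mySiteX1.com
0 755 /var/www
0 755 /var
0 755 /'
# Chroot one level up and root-owned, html/ inside it left to the user:
ANSWER_LAYOUT='0 755 /var/www/mySiteX1.com
0 755 /var/www
0 755 /var
0 755 /'

echo "$QUESTION_LAYOUT" | check_components || true
echo "$ANSWER_LAYOUT" | check_components
```

On the server itself, `audit_chroot /var/www/mySiteX1.com` runs the same check against the real ownership and modes.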