I have an apache2 server running on ubuntu 16.04, for now everytime i access my project files inside a specific folder i use root user for running php function and edit some files, after i finish i need to run chown -R www-data:www-data . inside a terminal, because after i run my php function the file owner will become user:user (root:root). what i need is:
- Create new user for my server
- When access my server using ssh this user will be inside a specific folder automatically
- Grant this user a permission to do anything inside this specific folder
For example, Create a user named tonya, when someone access server using user tonya ssh sonya@server.com, he will be redirected to /var/www/specific_folder, user tonya can do anything inside this folder and when tonya set the php file owner or folder to tonya:www-data it will work like when i set the file owner to www-data:www-data
You should be able to accomplish this with
adduser --home /var/www/specific_folder --shell /bin/bash --no-create-home --ingroup www-data --ingroup ssh tonya
adduseris used to add a user--homespecifies home directory which is where the user will be when they log in--shellis to specify the shell, by default it is usually just/bin/shwhich is not as user friendly as/bin/bash--no-create-homewill not create the home directory so you must use one that already exists--ingroupadds the user to specified groupthe last argument is the username
You could make the user jailed using this guide:
Please remember that even if you jail a user, it is very possible to escape a jail. If you're giving a user access to your system, you may as well be giving them root access because once they have shell access, it's almost always possible to gain root. Setting up a jail will most likely keep a basic user from doing anything too harmful but will do little to nothing to stop a malicious user from doing harmful stuff.
No comments:
Post a Comment