On 6 January 2016 at 11:15, Mark Creamer <[email protected]> wrote: > I have a site built on the Wordpress image > 2d7e5054-95e8-11e4-9bc9-835655bded42. The external contractor doing the > development needs FTP access. He should only have access to the Wordpress > content areas which are under /home/wordpress > First option would be to install and enable ftp, pointing the home directory > for the ftp login "wordpress" to /home/wordpress.
I wouldn't deploy authenticated FTP on the public Internet these days, especially as a way to edit the content of a web site. > Third would be to enable ssh for the wordpress user and have the contractor > use scp to transfer the files instead of ftp. You could use something like scponly[1] as the shell for a locked down user account (e.g. "contractor") that is only allowed to use SCP/SFTP. You could also use lofs mounts to arrange the availability of a series of subdirectories of the wordpress account in a limited chroot directory, which I believe scponly supports. You could use ZFS ACLs, or perhaps even regular UNIX sticky/group permissions, to grant access to both "contractor" and "wordpress" on relevant files in the subdirectories you've made available. [1]: https://github.com/scponly/scponly -- Joshua M. Clulow UNIX Admin/Developer http://blog.sysmgr.org ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
