Excellent ideas Joshua. Thank you so much! On Wed, Jan 6, 2016 at 2:30 PM, Joshua M. Clulow <[email protected]> wrote:
> On 6 January 2016 at 11:15, Mark Creamer <[email protected]> wrote: > > I have a site built on the Wordpress image > 2d7e5054-95e8-11e4-9bc9-835655bded42. The external contractor doing the > development needs FTP access. He should only have access to the Wordpress > content areas which are under /home/wordpress > > First option would be to install and enable ftp, pointing the home > directory for the ftp login "wordpress" to /home/wordpress. > > I wouldn't deploy authenticated FTP on the public Internet these days, > especially as a way to edit the content of a web site. > > > Third would be to enable ssh for the wordpress user and have the > contractor use scp to transfer the files instead of ftp. > > You could use something like scponly[1] as the shell for a locked down > user account (e.g. "contractor") that is only allowed to use SCP/SFTP. > You could also use lofs mounts to arrange the availability of a series > of subdirectories of the wordpress account in a limited chroot > directory, which I believe scponly supports. You could use ZFS ACLs, > or perhaps even regular UNIX sticky/group permissions, to grant access > to both "contractor" and "wordpress" on relevant files in the > subdirectories you've made available. > > [1]: https://github.com/scponly/scponly > > -- > Joshua M. Clulow > UNIX Admin/Developer > http://blog.sysmgr.org > -- Mark ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
