Hi, you don’t have to use scponly. If you have OpenSSH available (not sure, which version of platform you are running), ChrootDirectory might be of use for you. If you configure something similar (configuration from zone, which I run for cases when people need to upload something pretty fast and big):
Match Group upload ChrootDirectory /data ForceCommand internal-sftp -d %u -u 0077 AllowTcpForwarding no PermitTunnel no X11Forwarding no You could point this to your wordpress web root and do some permission configuration as Josh wrote. I found this solution to be much easier due to the fact it’s using only OpenSSH and nothing more. Cheers, Adam > On Jan 6, 2016, at 8:30 PM, Joshua M. Clulow <[email protected]> wrote: > > On 6 January 2016 at 11:15, Mark Creamer <[email protected]> wrote: >> I have a site built on the Wordpress image >> 2d7e5054-95e8-11e4-9bc9-835655bded42. The external contractor doing the >> development needs FTP access. He should only have access to the Wordpress >> content areas which are under /home/wordpress >> First option would be to install and enable ftp, pointing the home directory >> for the ftp login "wordpress" to /home/wordpress. > > I wouldn't deploy authenticated FTP on the public Internet these days, > especially as a way to edit the content of a web site. > >> Third would be to enable ssh for the wordpress user and have the contractor >> use scp to transfer the files instead of ftp. > > You could use something like scponly[1] as the shell for a locked down > user account (e.g. "contractor") that is only allowed to use SCP/SFTP. > You could also use lofs mounts to arrange the availability of a series > of subdirectories of the wordpress account in a limited chroot > directory, which I believe scponly supports. You could use ZFS ACLs, > or perhaps even regular UNIX sticky/group permissions, to grant access > to both "contractor" and "wordpress" on relevant files in the > subdirectories you've made available. > > [1]: https://github.com/scponly/scponly > > -- > Joshua M. Clulow > UNIX Admin/Developer > http://blog.sysmgr.org >
signature.asc
Description: Message signed with OpenPGP using GPGMail
------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
