Ftp – Linux & Apache: FTP/SFTP user accounts for Apache Virtual Hosts

apache-2.2 ftp sftp virtualhost

Problem

Our company's websites are all located on a high performance web server, including several development and internal-only projects.

A handful of our sites are public sites that need regular back-end updates. These updates are made by a third-party contract SEO/design firm.

I need to set up a single FTP account that the 3rd party firm can use to access ONLY those sites via FTP (or ideally, SFTP) in order to modify files there. I do NOT want them to have any access whatsoever to the rest of our server or our other websites.

Example

To illustrate my situation, let's assume for a moment I have four websites configured as Virtual Hosts in Apache:

internalsite1.com
internalsite2.com
contentsite1.com
contentsite2.com

These exist on my server in the following locations:

/var/www/html/
    /internalsite1.com
    /internalsite2.com
    /contentsite1.com
    /contentsite2.com

Now, I need the "contentsite" hosts to allow access via an FTP account to modify files. The "internalsite" hosts should be accessible only by users who are logged in (i.e. through standard SSH).

What I've Tried

Earlier today, I experimented with modifying my SSH configuration to create chroot'ed users using the internal-sftp and ChrootDirectory features of OpenSSH. However, the configuration was getting very complicated and I cannot risk breaking SSH access to my server, so I backed away from that approach.

Currently, I'm trying to figure out how to use vsftpd to achieve my goal, but so far I'm only able to set up a single account with access to a single directory. This would probably suffice, but vsftpd has dozens of options and no clear documentation on achieving this particular setup.

The Question

How can I enable a single FTP user account to access multiple directory locations on the server, one representing each ?

Note: Links to clear tutorials are welcome.

EDIT: While I'd prefer them to log in via SFTP, I'd settle for ordinary FTP access. I just need to create a single FTP account on the server that has access to each of the three website locations in question.

Best Answer

Consider chroot'ing the users. Here's a guide for Ubuntu, but it should be adaptable.

http://ubuntuforums.org/showthread.php?t=858475
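
An added example (not part of the answer or the linked guide) of the chroot approach applied to the layout in the question: an SFTP-only account whose chroot holds bind mounts of just the two content sites, plus a check for the ownership rule sshd enforces on the chroot path. The account name `seofirm` and the `/srv/sftp` location are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names (not from the post): account "seofirm",
# chroot under /srv/sftp. Site paths are the ones given in the question.
SFTP_USER="seofirm"
CHROOT_DIR="/srv/sftp/$SFTP_USER"
WEB_ROOT="/var/www/html"
SITES="contentsite1.com contentsite2.com"

# Block to append at the END of /etc/ssh/sshd_config. It applies to this one
# user only, so existing SSH logins keep working. Validate with `sshd -t`
# before reloading the daemon.
sshd_match_block() {
    printf 'Match User %s\n' "$SFTP_USER"
    printf '    ChrootDirectory %s\n' "$CHROOT_DIR"
    printf '    ForceCommand internal-sftp\n'
    printf '    AllowTcpForwarding no\n'
    printf '    X11Forwarding no\n'
}

# /etc/fstab lines that bind-mount only the content sites into the chroot.
# Each mount point must first exist as a directory under $CHROOT_DIR.
fstab_bind_lines() {
    for site in $SITES; do
        printf '%s/%s %s/%s none bind 0 0\n' \
            "$WEB_ROOT" "$site" "$CHROOT_DIR" "$site"
    done
}

# sshd rejects the login unless every component of the ChrootDirectory path
# is owned by root and not writable by group or others. Walk up to / and
# report the first offender. Needs an absolute path and GNU stat (-c).
chroot_path_ok() {
    p="$1"
    case "$p" in /*) ;; *) echo "$p: not an absolute path"; return 2 ;; esac
    while :; do
        owner=$(stat -c '%u' "$p") || return 2
        mode=$(stat -c '%a' "$p") || return 2
        if [ "$owner" -ne 0 ]; then echo "$p: not owned by root"; return 1; fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$p: writable by group or others"; return 1
        fi
        if [ "$p" = "/" ]; then return 0; fi
        p=$(dirname "$p")
    done
}

echo "# --- append to /etc/ssh/sshd_config ---"; sshd_match_block
echo "# --- append to /etc/fstab ---";           fstab_bind_lines
```

The account still needs filesystem write permission on the two site directories, for example through group ownership, while the chroot directory itself stays root-owned.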