We normally use public key logins for our server, but a new subscription service is requiring a username and password for SCP access to a user's account (this is Vaultpress, a remote backup utility for WordPress). We have a blog running under UserA at /home/usera/public_html. Vaultpress requires a username and password for SCP access, but we don't want to give them UserA's credentials.
So the question is: How do we go about creating a UserB who can only SCP in and who only has access to UserA's home directory? And how do we ensure that any files written by UserB are editable/owned by UserA?
Best Answer
You can simply use POSIX ACLs for this. Create user B with its default group as A (I'm assuming that the default group of user A is group A).
Now you need to set up the right permissions
Based on the above setup, B can read and write inside the public_html directory. AFAIK, Vaultpress needs write permissions in order to restore the backups. You can remove the write permission if you're not planning to use the auto-restore feature of Vaultpress. On top of this, all the files will be editable by the original user A.
Any file/directory that is created by B will be owned by group A by default. This will share the ownership of those files among users A and B.
Please add a comment if you'd like me to clarify anything.
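One way to carry out the two steps described in the answer above, as an added example rather than the answer's own commands. The names `usera`, `userb` and the group `usera` are assumptions, and `verify_owner_can_edit` is a hypothetical helper that checks whether a newly written file ends up in the directory's group and group-writable.

```shell
#!/bin/sh
# Added example. Assumed names: usera (site owner, primary group "usera"),
# userb (the password login handed to the backup service).
SITE_OWNER=usera
BACKUP_USER=userb
DOCROOT=/home/usera/public_html

# Run as root: create userb with usera's group as its primary group, then
# grant access through POSIX ACLs.
setup_shared_access() {
    useradd -g "$SITE_OWNER" "$BACKUP_USER" || return 1
    passwd "$BACKUP_USER" || return 1
    # userb only needs to traverse usera's home, not list it.
    setfacl -m "u:$BACKUP_USER:--x" "$(dirname "$DOCROOT")" || return 1
    # Existing content: read/write for userb and the owning group
    # (drop the w if the restore feature is not used).
    setfacl -R -m "u:$BACKUP_USER:rwX,g::rwX" "$DOCROOT" || return 1
    # Default ACL on every directory: new files stay editable by usera
    # even when the SCP session runs with umask 022.
    find "$DOCROOT" -type d -exec \
        setfacl -d -m "u:$SITE_OWNER:rwX,u:$BACKUP_USER:rwX,g::rwX" {} +
}

# Returns 0 if a file newly created in directory $1 gets the directory's
# group and has the group-write bit set (with ACLs present, that bit is the
# ACL mask). Returns 1 otherwise, 2 if the probe file cannot be created.
verify_owner_can_edit() {
    dir="$1"
    probe="$dir/.acl-probe.$$"
    rc=0
    ( : > "$probe" ) 2>/dev/null || return 2
    [ "$(stat -c %g "$probe")" = "$(stat -c %g "$dir")" ] || rc=1
    [ -n "$(find "$probe" -perm -020)" ] || rc=1
    rm -f "$probe"
    return "$rc"
}

case "${1:-}" in
    setup)  setup_shared_access ;;
    verify) verify_owner_can_edit "$DOCROOT" ;;
esac
```

Run the `verify` step as `userb` after setup. Without a default ACL, a file written under umask 022 fails the check because the group loses write access.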