Linux – adduser with a read / write to only one directory

file-permissionslinuxuser-managementuseradd

I have CentOS with one ssh user which is root.

How do I make one more user for my web developer so he can scp files over to /var/www/html ?
Its gonna be a static page, so mysql and alike are out of question. All I need is that user to be able to scp in and out files of /var/www/html

I tried to add user with home dir as /var/www/html by typing

# adduser -d /var/www/html webdev

but

1. this user was not able to write files into this dir

2. he is able to browse other directories on the server

Best Answer

Why not setup a jail? This will restrict a user to a specific directory when they log in. There are a variety of guides on how to do this, so take your pick.

Additionally, you can either add the user to a group that owns the files, or you can chown the files so that anybody can write to them.

Related Solutions

Linux – Added a new user to group www-data and to sudoers, still not sure why user creates new directories as root

The reason why your sudo-created directories are owned by root:root is because sudo literally lets you run commands as a different user, in this case as root (since you did not specify a different username).

Put developer1 into the group www-data, then make sure the directory you want this user to create files/directories in is owned by the group www-data and is writable by said group.

Now developer1 can create files and directories in there, because his group memberships let him do this.

But you'll then notice that these new directories/files are owned by developer1:developer1 (or, alternatively, developer1:users or something like that). To fix this, you can make developer1's primary group www-data, in which case everything he creates will be owned by the www-data group.

If your goal is to have this user create files elsewhere in a different group (e.g. users or developers), but create them as www-data in e.g. /var/www, well, that's one thing I've not yet figured out. So far, I've been stuck with one of two (well, three, really: the third is to just live with it) workarounds:

Have the user(s) manually chgrp files and directories when they are created. Can be done recursively and/or in a batch, so you can e.g. upload a huge number of files and then chgrp them all at once.
Set up a cron job that runs every so often (e.g. every 5-10 minutes) and recursively chgrps everything under your web root (or whatever it is you're trying to control) to www-data. Alternatively, you can use this cron job to chown -R www-data:www-data /var/www to ensure that the files/directories all belong to the www-data user as well as the www-data group.

I realize neither of these is ideal, although once a file is created it will retain its ownership no matter who edits it.

Ftp – Cannot read/write FTP directory vsftpd on centos 6.0 (empty folder)

It's selinux for 99 % ;-)

# getenforce
Enforcing

Turn it off by:

# setenforce 0
# vim /etc/sysconfig/selinux

And set it to "disabled" in that file or "permissive" if you plan to turn it on sometime in future or you want to track selinux errors.

For FTP I highly recommend NOT to turn it off. Follow the RHEL 6 guides how to set it up properly for a FTP site.

Best Answer

Related Solutions

Linux – Added a new user to group www-data and to sudoers, still not sure why user creates new directories as root

Ftp – Cannot read/write FTP directory vsftpd on centos 6.0 (empty folder)

Related Topic