Limit access through FTP/SFTP to specific folders


Let’s say I have a VPS with two different projects installed:

  • Magento
  • WordPress

and they are both located in their respective folder in the /var/www/html/ directory:

  • /var/www/html/magento
  • /var/www/html/wordpress

How could I give access through FTP/SFTP to a third party and only allow him to have access to a specific folder/project?

For instance, UserA will connect and his “root” folder would be the /var/www/html/magento folder, without having the possibility to go up a level and see the content of the /var/www/html/ folder.

What’s the best and safest practice to achieve that?

Hi @dlebedef and welcome.

Great question. What you can do is create two SSH users. You can then configure each of those users to only be able to “see” a specified folder. For example, m2user would automatically log into /var/www/html/magento and only be able to see the contents of that directory.

I can’t remember how to do this, but I think it’s referred to as SSH Chroot Jail. Check out these articles (I’ve not read them, but they appear relevant):

Note: SSH and SFTP use the same port (22). Therefore, you only have to set this up for SSH.
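
An added example, not part of the original posts: the OpenSSH chroot setup the answer refers to, shown as a commented `sshd_config` block, plus a check for the ownership rule that most often makes such a jail fail at login. The user name and path are taken from the thread; the function names are hypothetical and a Linux `stat` that supports `-c` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. m2user and /var/www/html/magento come
# from the posts above; the function names are hypothetical, and GNU or
# BusyBox stat (-c) is assumed.
#
# sshd_config block the check accompanies (real OpenSSH directives):
#   Match User m2user
#       ChrootDirectory /var/www/html/magento
#       ForceCommand internal-sftp
#       AllowTcpForwarding no
#       X11Forwarding no
#
# sshd refuses the session unless every component of ChrootDirectory is
# owned by root and not writable by group or other.

# component_ok UID MODE: succeed when one path component meets that rule.
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# chroot_path_ok PATH: check PATH and each parent up to /.
# Returns 0 if all pass, 1 if any fail, 2 on a relative or unreadable path.
chroot_path_ok() {
    case $1 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    p=$1; rc=0
    while :; do
        meta=$(stat -c '%u %a' "$p") || return 2
        if ! component_ok "${meta% *}" "${meta#* }"; then
            echo "unsafe: $p (uid ${meta% *}, mode ${meta#* })" >&2
            rc=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return "$rc"
}

# Stand-alone use: sh check.sh /var/www/html/magento
if [ "$#" -gt 0 ]; then
    chroot_path_ok "$1"
fi
```

After editing `sshd_config`, `sshd -t` validates the syntax before the service is reloaded. Because the jail's top directory cannot be writable by the user, uploads go into files and subdirectories inside it that the user owns.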