
How to create a sudo user who, when logged in to the server, is redirected to a specific directory?

For example, I want to give that user access only to the /var/www/html/my-site directory. As soon as that user is logged in, they can view content only under the my-site directory (even the path shown should be /my-site only), and should not be able to access other directories under the html directory.

I referred to this answer and followed all the steps, but that user can still access all the folders. How do I restrict it?

Akshay

1 Answer


What you're asking for is essentially known as a jail, wherein a user is confined to a certain subset of the system (like, say, the home folder). Fortunately, users on Linux already have a home folder set up, so you can just use this jail.

Now, setting up a jail is a complicated matter, and is out of the scope of this question.

Now, assuming you have a working jail, you can just bind the proper folder to the user home:

mount --bind /var/www/username /home/username/www

Although, this honestly is not a good option. If you're just hosting a user, allow them to connect over FTP and just jail them to their "home" (the folder they have admin to). There is no need for them to have a shell on your server.

The question you linked has a very good concept of how to jail users, but it only works with FTP and derivatives, not with raw SSH itself. And, as I mentioned before, running raw SSH is a really bad idea.

Finally, it seems as though you're acting as a web host. Why not just use a control panel like Froxlor? It takes care of most of the heavy lifting for you, and allows you to set quotas and other things that may be of interest. Plus it manages FTP jails and similar automatically for you, allowing you to bypass the headache that is jailing.

Kaz Wolfe
  • Actually, this is my dev environment. I want to share my specific directory with a theme company to troubleshoot a problem in my site. That's why I wanted to create a separate user which will have complete access but only to that directory. – Akshay Sep 14 '16 at 06:32
  • @Akshay If they're just gonna be looking at site files, then using FTP is likely good enough for them. They don't need a shell to edit files. They definitely do not need root. – Kaz Wolfe Sep 14 '16 at 06:33
  • Yes, I tried with FTP, but they can access all other directories under html and can download as well. Only FTP is fine. – Akshay Sep 14 '16 at 06:34
  • @Akshay Then vsftpd should be good enough. Just make sure to start that service and replace whatever FTP provider you're using with that one, or run vsftpd on a special port. – Kaz Wolfe Sep 14 '16 at 06:35
  • Ok. I will try changing the port then. – Akshay Sep 14 '16 at 06:38
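
Whether an FTP login can browse outside its home, as described in the comments above, depends in vsftpd on the chroot_local_user, chroot_list_enable and chroot_list_file options. The script below is an added example, not code from the thread or from vsftpd: it reads a vsftpd.conf and reports whether a given local user would be jailed. The account names themedev and admin and the sample configs are constructed; it assumes plain option=YES/NO lines and that a later assignment overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the original thread): decide whether vsftpd would
# chroot ("jail") a local user, from chroot_local_user / chroot_list_* options.

# conf_get FILE OPTION DEFAULT: last value assigned to OPTION, else DEFAULT.
# Assumption: a later assignment overrides an earlier one.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# jail_status FILE USER: prints "jailed" or "not-jailed".
jail_status() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if [ "$use_list" = YES ] && [ -r "$list" ] && grep -qxF -- "$2" "$list"; then
        listed=yes
    fi
    if [ "$all" = YES ]; then
        # The list names the exceptions that are NOT jailed.
        if [ "$listed" = yes ]; then echo not-jailed; else echo jailed; fi
    else
        # Only listed users are jailed; everyone else can browse the filesystem.
        if [ "$listed" = yes ]; then echo jailed; else echo not-jailed; fi
    fi
}

# Constructed sample configs; "themedev" and "admin" are hypothetical accounts.
write_samples() {
    printf 'local_enable=YES\nwrite_enable=YES\n' > "$1/default.conf"
    printf 'local_enable=YES\nchroot_local_user=YES\n' > "$1/jail_all.conf"
    printf 'admin\n' > "$1/exempt.list"
    printf 'chroot_local_user=YES\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
        "$1/exempt.list" > "$1/jail_except.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for c in default jail_all jail_except; do
    for u in themedev admin; do
        echo "$c.conf $u: $(jail_status "$tmp/$c.conf" "$u")"
    done
done
rm -rf "$tmp"
```

The default.conf case, where neither chroot option is set, is the one that leaves every local user free to leave their home directory.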