I am familiar with Linux users/groups but have never been able to master the following process and wanted to ping the community for suggestions/best practices.

I use coders from odesk, rac often and want to give them access to my server for periods of time, i.e. to install files, develop. I don't use FTP, only SSH access, and would like to create a user named coder1, give him a password and allow him to log in from a terminal but allow him to only see the directory /var/www/html/mysite1 on my server.

He has full 777 rights to everything in that folder but can't see or touch anything else.

Typically, I would create a group named developers and add coder1 to that group. Then set the owner of the ...mysite1 directory to be the 'developers' group. I think that's pretty standard but I have never been able to correctly lock a developer to a single website directory.

Thoughts on what I'm doing so far? Advice on how to manage multiple coders that come on and off a server over time?

Thanks!

mrmartin79
  • I'll just add that I am running Openssh 4.3, so trying something similar to http://serverfault.com/questions/240156/jail-users-in-a-directory isn't working for me, should I just update ssh? – mrmartin79 May 30 '11 at 17:50
  • Would your developers develop in the /var/www/html/mysite1 directory or would they just upload files written elsewhere to it? – user9517 May 30 '11 at 17:50

1 Answer

If you're fine with limiting the access to SFTP only (upload/download files), you can have a look at a chroot SFTP solution. Something like Chroot SFTP on Ubuntu should get you started in the right direction.

The idea is to lock the user into a chroot consisting solely of the website files. This way he only has access to those specific files.

If you need some more functionality (executing commands on the server, full console access), you can have a look at rssh (limited to rsync/cvs) or some other solutions involving jailing/chrooting. But this can become a maintenance burden. In such a case, I think you should ask yourself if a normal secure system with standard permission management features won't be sufficient for your needs.

Karol J. Piczak
  • You can also try http://mysecureshell.sourceforge.net/, it's pretty easy to set up and configure. For SFTP only. – ghm1014 May 30 '11 at 19:33
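
A pre-flight check for the chroot SFTP approach in the answer above, as an added example that is not part of the original thread: sshd's `ChrootDirectory` (available from OpenSSH 4.9, so not in the 4.3 mentioned in the question) refuses a chroot unless every component of the path is root-owned and not group- or world-writable, which a 777 site directory is not. The function names, the `sshd_config` stanza in the comments and the use of GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a directory meant to be an sshd chroot.
# Assumed sshd_config stanza it supports (user and path from the question):
#   Match User coder1
#       ChrootDirectory /var/www/html/mysite1
#       ForceCommand internal-sftp
#       AllowTcpForwarding no

# mode_is_safe MODE: succeed if octal MODE has no group/other write bit.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: test DIR and every parent up to / against the rule
# in sshd_config(5): root-owned, not writable by any other user or group.
# Returns 0 if all pass, 1 if any component fails, 2 on bad input.
check_chroot_path() {
    dir=$1
    rc=0
    case $dir in
        /*) ;;
        *) echo "need an absolute path: $dir" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    while :; do
        # GNU stat: numeric owner uid and octal permission bits
        set -- $(stat -c '%u %a' "$dir")
        if [ "$1" != 0 ]; then
            echo "FAIL $dir: owner uid $1, must be 0 (root)" >&2
            rc=1
        fi
        if ! mode_is_safe "$2"; then
            echo "FAIL $dir: mode $2 is group- or world-writable" >&2
            rc=1
        fi
        if [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage: check_chroot_path /var/www/html/mysite1 && echo "usable as chroot"
```

Because the chroot itself must stay root-owned and non-writable, the developer's write access has to come from a subdirectory inside it that the developer or the developers group owns.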