I have a Linux box that I use as a small web, mail, and file server. Up until now, there were no users or administrators other than me. Now, however, I've agreed to help out a friend and host a web site for him, which he'll design and administer.
In order to allow him to administer the site, I need to grant him FTP and shell access from a Windows client, preferably via SSH, but I'd prefer to limit his shell and FTP access to particular directories (say access to /var/www and below is required, and additional access to his /home directory, though not required, would be a nice touch).
How does one do such a thing? I was reading a bit about setting up chrooted SSH (see
http://www.howtoforge.com/chroot_ssh_sftp_fedora7), but this is a working web server hosting a handful of domains that I administer. It seems I would need to restructure the /var/www tree quite a bit to set up the SSH chroot environment, at least using the procedure outlined at the above link, and I don't really want to screw around with the /var/www directories. I could set his account's home directory to be /var/www, but I'm pretty sure that alone will not disallow roaming throughout the system.
The server is running Fedora 7 and OpenSSH 4.5. Any ideas, discussion, suggestions, rants, epiphanies, or requests for further information welcome.
Start Free Trial
