OPERATING FRAMEWORK Hosting provider : OVH Machine : remote VPS OS distro : Ubuntu 22.04 LTS SSH user : superuser with sudo rights Panel : ISPConfig 3 (last) CLI terminal : MacBook Air Hello, For security reasons I wish to avoid activating and using root user for SFTP connection from local client to remote server webroot directories. Therefore, I wish a new user that have sudo rights, to become owner of existing and future webroot directories on my Ubuntu OS (on remote VPS), so to allow him access to these via SFTP client. To achieve this, do I have to both change Apache user, and change file ownership as explained in this web page ? https://fedingo.com/how-to-change-apache-user/ Regards
If you want to get access to a site by SSH, just create a shell user for it in ISPConfig. And if you want to get access to a site by FTP, create an FTP user. And of course, you can create sudo users on any Linux distribution, but this is neither related to ISPConfig nor to the user that owns websites on your server as a sudo user is just a normal Linux user that you configured to be able to become root user. This makes no sense for a hosting system and does not add any security. Websites scripts do not run under the apache user anyway, and the files of a website are not owned by the apache user. ISPConfig uses a separate user for each site for security reasons.
Hi Till A week ago I already created a FTP user, and today I created a user shell user. Since then I found that FTP connection from FileZilla client to my remote VPS works fine with shell user credentials, but fails with FTP user credentials : FILEZILLA FTP CLIENT Connection attempts details with an exemple user, password and port (created in ISPConfig) CASE 1 - shell user (connection OK) Host : sftp://serverIPV4-ADDRESS Shell user : user1attempt Password : attwikipr@NX Port : 54228 CASE 2 - (connection Fails) Host : sftp://serverIPV4-ADDRESS FTP user : user2attempt Password : attwikipr@UP Port : 54228 I did went further on in ISPConfig, by chrooting shell user (case 1) using “Jailkit“ that I selected instead of default “none“ setting in the shell user section. I thought that it would have limited the shell user, so that he may only have FTP access to website root directory : /var/www/clients/client1/web2 /// QUESTION /// But I when FTP connection get established, shell user have default access to server content at level of where the /var directory is located, but he is prevented to access upper directories. How then to constrain FTP connection so that shell user is by default directed to the website root directory (web2), and is prevented to access upper directories ? Regards
Which means you use the wrong settings in FileZilla. I explained that many many times here in the forum, but here again: FTP = FTP FTPS = FTP SFTP = Not FTP but SSH (Shell User) So what you did wrong is that you mixed up FTPS and SFTP, SFTP is SSH File Transfer Protocol, so it's not FTP. When you want to run your own Linux server, then it's important that you have some basic understanding of internet protocols and what they are used for and which daemon provides them. You should really consider taking some classes for Linux administration. This is all not related to ISPConfig btw. So as you can see, the solution to your problem is reallyeasy, just learn how to use an FTP client like FileZilla correctly to enter FTP login credentials in the app instead of switching it to non-FTP mode and then wondering why FTP credentials of course do not work. That's all not related to the issue as you simply have to use FTP/FTPS, which you have not done. And you might read a bit about what jails are as this explains why you falsely think that a jailed SSH user can access /var (which he can't of course, he just sees something that for you looks like systems /var folder, but it is not /var). But anyway, it#s not related to FTP access at all anyway and just about shell access.
Indeed, and this web page is a good remind of the basics upon the matter of FTPS vs SFTP : https://www.spiceworks.com/tech/networking/articles/sftp-vs-ftps/
