Learn about Centmin Mod LEMP Stack today
Register Now

Sysadmin SFTP question

Discussion in 'System Administration' started by upgrade81, Jun 21, 2019.

  1. upgrade81

    upgrade81 Premium Member Premium Member

    238
    14
    18
    Sep 5, 2016
    Switzerland
    Ratings:
    +21
    Local Time:
    9:20 PM
    1.17
    10.3
    good morning, my developer asks me for SFTP access to the root of a domain on a Centminmod installation.

    How can this be provided?
     
  2. upgrade81

    upgrade81 Premium Member Premium Member

    238
    14
    18
    Sep 5, 2016
    Switzerland
    Ratings:
    +21
    Local Time:
    9:20 PM
    1.17
    10.3
    Alternatively it asks me for access via SCP (ssh) but limited to: home / nginx / domains / domain.com /
     
  3. eva2000

    eva2000 Administrator Staff Member

    42,086
    9,504
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,623
    Local Time:
    6:20 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  4. upgrade81

    upgrade81 Premium Member Premium Member

    238
    14
    18
    Sep 5, 2016
    Switzerland
    Ratings:
    +21
    Local Time:
    9:20 PM
    1.17
    10.3
    Unfortunately it needs SFTP, is it possible to create a user on pureftpd for this?
     
  5. eva2000

    eva2000 Administrator Staff Member

    42,086
    9,504
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,623
    Local Time:
    6:20 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Why sftp? pure-ftpd virtual ftp user is done over explicit TLS not plain text

    There's no way not give sftp in automated way without giving access to all nginx sites on the server due to how nginx on centminmod is setup if you want what the dev is working on to be read and served via nginx/php
     
  6. upgrade81

    upgrade81 Premium Member Premium Member

    238
    14
    18
    Sep 5, 2016
    Switzerland
    Ratings:
    +21
    Local Time:
    9:20 PM
    1.17
    10.3
    In theory there would be no problem giving him access to all the sites ... there is only one site on this machine.

    I think it needs SFTP because it uses a php application to copy some files.
     
  7. eva2000

    eva2000 Administrator Staff Member

    42,086
    9,504
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,623
    Local Time:
    6:20 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    php can do FTP via explicit TLS as well PHP: ftp_ssl_connect - Manual

    does he need live verification/work on the files or is it just upload and you then work on the files ? as sftp would have user permissions other than nginx user/group so nginx wouldn't be able to read the files uploaded by the sftp user. So you can create sftp user chroot'd and say upload to /home/chroot/username/public owned by username and then you copy the files over to /home/nginx/domain/domain.com/public and chown/chmod the right permissions for your site.

    there's other manual ways to do it but they will break Centmin Mod's nginx automated routines so while the site would work, centmin.sh menu, letsencrypt and other nginx related routines may break.

    basically it's complicated as there is no chroot support in Centmin Mod as per official FAQ item 2
    Recommended approach when you have 3rd parties needing access, is to setup a 2nd test staging VPS server with copy of your live site and files/databases and give devs access to that with separate logins from your live site server. That way they can work on test staging VPS and test site without touching your live site.
     
    • Informative Informative x 1