Read & Write Permissions for SSH User and Web Server Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)changing ownership and permissions of /usr/bin/ and /var disables sshuser permissions in shared folderDoes nginx require an Ubuntu user for each server block?How to setup Restricted (permission) access for Directories in Apache2 web serverNon-jailed SSH user getting /bin/bash permission deniedRestrict SSH user to one directory onlyUbuntu users management, groups, users, permissionsallow SSH access for a specific local user from only internal networks and deny SSH access to that user from External networksUbunu: restrict user only in a single directory without permissions to view anothers with SSH Key authApache permissions to allow both user and web server to edit /var/www

Is high blood pressure ever a symptom attributable solely to dehydration?

What are 'alternative tunings' of a guitar and why would you use them? Doesn't it make it more difficult to play?

How to find all the available tools in macOS terminal?

Is a manifold-with-boundary with given interior and non-empty boundary essentially unique?

How can I make names more distinctive without making them longer?

Are my PIs rude or am I just being too sensitive?

Why does Python start at index 1 when iterating an array backwards?

Is above average number of years spent on PhD considered a red flag in future academia or industry positions?

If a contract sometimes uses the wrong name, is it still valid?

Why is "Captain Marvel" translated as male in Portugal?

Is there a way in Ruby to make just any one out of many keyword arguments required?

How much radiation do nuclear physics experiments expose researchers to nowadays?

Can inflation occur in a positive-sum game currency system such as the Stack Exchange reputation system?

Java 8 stream max() function argument type Comparator vs Comparable

Doubts about chords

Did Xerox really develop the first LAN?

Check which numbers satisfy the condition [A*B*C = A! + B! + C!]

Disable hyphenation for an entire paragraph

Gastric acid as a weapon

Bonus calculation: Am I making a mountain out of a molehill?

WAN encapsulation

Does polymorph use a PC’s CR or its level?

List *all* the tuples!

Why don't the Weasley twins use magic outside of school if the Trace can only find the location of spells cast?



Read & Write Permissions for SSH User and Web Server



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)changing ownership and permissions of /usr/bin/ and /var disables sshuser permissions in shared folderDoes nginx require an Ubuntu user for each server block?How to setup Restricted (permission) access for Directories in Apache2 web serverNon-jailed SSH user getting /bin/bash permission deniedRestrict SSH user to one directory onlyUbuntu users management, groups, users, permissionsallow SSH access for a specific local user from only internal networks and deny SSH access to that user from External networksUbunu: restrict user only in a single directory without permissions to view anothers with SSH Key authApache permissions to allow both user and web server to edit /var/www



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








0















First of all, let me clarify that I've searched through Ask Ubuntu and Stack Overflow as well as have googled a lot but didn't find any concreted solution to my problem.



So I'm setting up a web hosting environment on an Ubuntu server. The server is running Nginx as www-data user. The issue where I'm stuck is the isolation of SSH users.



With a jailed setup, I can restrict an SSH user to their own directory but at the same time, I need to give web server write access to the directories. Now even if a user is jailed, if he knows the absolute path to any other SSH users' home directories (where the web-server has write permissions), he will be able to modify the stuff (write, delete or whatever) without any restriction using the web server.



For example a user can execute a PHP script from /var/userone/sites/alter.php like:



file_put_contents('Creating a file with this text', '/var/usertwo/sites/create.php');


to create a new file create.php in usertwo's home directory. Am I correct?



In this scenario, what's the best way to isolate the SSH users so they should not be view/read each other's directories keeping the web server working without any permission issues?



Any proper guidance will be highly appreciated.






ssh apache2 nginx







share|improve this question







New contributor




Rehmat is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.


























    0















    First of all, let me clarify that I've searched through Ask Ubuntu and Stack Overflow as well as have googled a lot but didn't find any concreted solution to my problem.



    So I'm setting up a web hosting environment on an Ubuntu server. The server is running Nginx as www-data user. The issue where I'm stuck is the isolation of SSH users.



    With a jailed setup, I can restrict an SSH user to their own directory but at the same time, I need to give web server write access to the directories. Now even if a user is jailed, if he knows the absolute path to any other SSH users' home directories (where the web-server has write permissions), he will be able to modify the stuff (write, delete or whatever) without any restriction using the web server.



    For example a user can execute a PHP script from /var/userone/sites/alter.php like:



    file_put_contents('Creating a file with this text', '/var/usertwo/sites/create.php');


    to create a new file create.php in usertwo's home directory. Am I correct?



    In this scenario, what's the best way to isolate the SSH users so they should not be view/read each other's directories keeping the web server working without any permission issues?



    Any proper guidance will be highly appreciated.






    ssh apache2 nginx







    share|improve this question







    New contributor




    Rehmat is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.






















      0












      0








      0








      First of all, let me clarify that I've searched through Ask Ubuntu and Stack Overflow as well as have googled a lot but didn't find any concreted solution to my problem.



      So I'm setting up a web hosting environment on an Ubuntu server. The server is running Nginx as www-data user. The issue where I'm stuck is the isolation of SSH users.



      With a jailed setup, I can restrict an SSH user to their own directory but at the same time, I need to give web server write access to the directories. Now even if a user is jailed, if he knows the absolute path to any other SSH users' home directories (where the web-server has write permissions), he will be able to modify the stuff (write, delete or whatever) without any restriction using the web server.



      For example a user can execute a PHP script from /var/userone/sites/alter.php like:



      file_put_contents('Creating a file with this text', '/var/usertwo/sites/create.php');


      to create a new file create.php in usertwo's home directory. Am I correct?



      In this scenario, what's the best way to isolate the SSH users so they should not be view/read each other's directories keeping the web server working without any permission issues?



      Any proper guidance will be highly appreciated.






      ssh apache2 nginx







      share|improve this question







      New contributor




      Rehmat is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.












      First of all, let me clarify that I've searched through Ask Ubuntu and Stack Overflow as well as have googled a lot but didn't find any concreted solution to my problem.



      So I'm setting up a web hosting environment on an Ubuntu server. The server is running Nginx as www-data user. The issue where I'm stuck is the isolation of SSH users.



      With a jailed setup, I can restrict an SSH user to their own directory but at the same time, I need to give web server write access to the directories. Now even if a user is jailed, if he knows the absolute path to any other SSH users' home directories (where the web-server has write permissions), he will be able to modify the stuff (write, delete or whatever) without any restriction using the web server.



      For example a user can execute a PHP script from /var/userone/sites/alter.php like:



      file_put_contents('Creating a file with this text', '/var/usertwo/sites/create.php');


      to create a new file create.php in usertwo's home directory. Am I correct?



      In this scenario, what's the best way to isolate the SSH users so they should not be view/read each other's directories keeping the web server working without any permission issues?



      Any proper guidance will be highly appreciated.






      ssh apache2 nginx




      ssh apache2 nginx






      share|improve this question







      New contributor




      Rehmat is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question







      New contributor




      Rehmat is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question






      New contributor




      Rehmat is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 4 hours ago









      RehmatRehmat

      1013




      1013




      New contributor




      Rehmat is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Rehmat is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Rehmat is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




















          0






          active

          oldest

          votes












          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "89"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );






          Rehmat is a new contributor. Be nice, and check out our Code of Conduct.









          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1134185%2fread-write-permissions-for-ssh-user-and-web-server%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          Rehmat is a new contributor. Be nice, and check out our Code of Conduct.









          draft saved

          draft discarded


















          Rehmat is a new contributor. Be nice, and check out our Code of Conduct.












          Rehmat is a new contributor. Be nice, and check out our Code of Conduct.











          Rehmat is a new contributor. Be nice, and check out our Code of Conduct.














          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1134185%2fread-write-permissions-for-ssh-user-and-web-server%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Are there any comparative studies done between Ashtavakra Gita and Buddhim?How is it wrong to believe that a self exists, or that it doesn't?Can you criticise or improve Ven. Bodhi's description of MahayanaWas the doctrine of 'Anatta', accepted as doctrine by modern Buddhism, actually taught by the Buddha?Relationship between Buddhism, Hinduism and Yoga?Comparison of Nirvana, Tao and Brahman/AtmaIs there a distinction between “ego identity” and “craving/hating”?Are there many differences between Taoism and Buddhism?Loss of “faith” in buddhismSimilarity between creation in Abrahamic religions and beginning of life in Earth mentioned Agganna Sutta?Are there studies about the difference between meditating in the morning versus in the evening?Can one follow Hinduism and Buddhism at the same time?Are there any prohibitions on participating in other religion's practices?Psychology of 'flow'

          Image
          Why "be dealt cards" rather than "be dealing cards"? Have I saved too much for retirement so far? The plural of 'stomach" How do I rename a LINUX host without needing to reboot for the rename to take effect? What defines a dissertation? Why are on-board computers allowed to change controls without notifying the pilots? Bash method for viewing beginning and end of file Student evaluations of teaching assistants Opposite of a diet Go Pregnant or Go Home Valid Badminton Score? What's the purpose of "true" in bash "if sudo true; then" What is the intuitive meaning of having a linear relationship between the logs of two variables? The baby cries all morning Is there a good way to store credentials outside of a password manager? Can I use my Chinese passport to enter China after I acquired another citizenship? Why Were Madagascar and New Zealand Discovered So Late? What are the ramifications of creating a ...
          Read more

          fallocate: fallocate failed: Text file busy in Ubuntu 17.04? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)defragmenting and increasing performance of old lubuntu system with swap partitionIssue with increasing the root partition from the swapthis /usr/bin/dpkg returned error || ubuntu-16.04, 64bitDefault 17.04 swap file locationHow to Resize Ubuntu 17.04 Zesty Swap file size?Ubuntu freezes from online formsMy Laptop is not starting after upgrade ubuntu 16.04 (Kernel 4.8.0-38 to 04.10.0-36)hcp: ERROR: FALLOCATE FAILED!Not sure my swap is being usedWine 3.0 asking for more virtual free swap

          Image
          Why does Python start at index 1 when iterating an array backwards? Letter Boxed validator What's the purpose of writing one's academic bio in 3rd person? What is the longest distance a 13th-level monk can jump while attacking on the same turn? What are 'alternative tunings' of a guitar and why would you use them? Doesn't it make it more difficult to play? Can Pao de Queijo, and similar foods, be kosher for Passover? When -s is used with third person singular. What's its use in this context? Right-skewed distribution with mean equals to mode? Should gear shift center itself while in neutral? Are my PIs rude or am I just being too sensitive? When is phishing education going too far? If 'B is more likely given A', then 'A is more likely given B' List *all* the tuples! Is high blood pressure ever a symptom attributable solely to dehydration? Is there a service that would inform me whenever a new direct route is scheduled ...
          Read more

          Where is the suspend/hibernate button in GNOME Shell? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)No suspend option in UI on Bionic BeaverHow can I set sleep mode in ubuntu18.04 LTS and what is the short cut key to do so?17.10 suspend not availableUbuntu 18.04 LTS missing sleep optionUbuntu 18.04 LTS - missing suspend option when power button is pressedHow to put Thinkpad X1 Extreme to sleep in Ubuntu 18.10?Suspend Button in interactive power button menu18.04 - Keep programs running after logging outway to disable Hibernate from within gconf-editor so button disappears?How can I hibernate from GNOME Shell?How can I hibernate/suspend from the command line and do so at a specific timeNo permission to suspend/hibernate after upgrading to 12.10MATE - Missing Suspend and Hibernate buttons, pressing power button shutdowns system immediatelyUbuntu 14.04: Suspend, Hibernate and Suspend-hybrid in the menu?Change “power-button-action” comand for “hibernate” option in GNOME 3.18Shutdown / Power off button does always go to suspend on 17.10Hibernate after suspend stopped working in 17.10Why doesn't the keyboard screenshot button work on Ubuntu with GNOME shell?

          Image
          .bashrc alias for a command with fixed second parameter Can I cut the hair of a conjured korred with a blade made of precious material to harvest that material from the korred? Did pre-Columbian Americans know the spherical shape of the Earth? calculator's angle answer for trig ratios that can work in more than 1 quadrant on the unit circle Why do C and C++ allow the expression (int) + 4*5? Dinosaur Word Search, Letter Solve, and Unscramble Is honorific speech ever used in the first person? Inverse square law not accurate for non-point masses? How does Billy Russo acquire his 'Jigsaw' mask? My mentor says to set image to Fine instead of RAW — how is this different from JPG? How do you cope with tons of web fonts when copying and pasting from web pages? What does Sonny Burch mean by, "S.H.I.E.L.D. and HYDRA don't even exist anymore"? Flight departed from the gate 5 min before scheduled departure time. Refund options No Invitation for T...
          Read more