[TriLUG] Proper way to allowing remote sftp to nginx web server
Ronald Kelley via TriLUG
trilug at trilug.org
Fri Apr 1 10:13:32 EDT 2016
Greetings all.
I need to allow remote sftp access to one of our servers for some web development. I have setup a chroot sftp environment (per https://wiki.archlinux.org/index.php/SFTP_chroot) but am running into a permissions dilemma and need some advice.
Everything is working as expected - the user can login via sftp and change to the web server’s root directory. However, since the UID/GID of the remote user (ie: 9801:9801) does not match the web server’s UID/GID (nginx 1504:1504), the remote user can’t write files to the web server directory. If I put the user in the same group as nginx, the UID permissions are wrong and the web server has problems. I was hoping I could fine some sort of UID/GID remapping option for sshd but have not found anything yet.
Short of using nginx’s UID/GID for the remote user in /etc/passwd, how can I get sshd to remap the IDs? What is the proper security fix?
Thanks in advance.
-Ron
More information about the TriLUG
mailing list