Adding Additional SFTP Users
-
I was adding a client to my Linux group when I realized I built the sites under the user "admin". If I create a new user, how can I make sure they have the same access as "admin", especially under the /home/admin/...
Thanks!
Posted 10 months ago # -
there are various ways to do this Anthony. what works best depends on your setup and what the users are each for. so tell me?!
however, to give a secondary user the same file rights as that file's owner you'd simply pop it into the file's group ("usermod" command) and then modify group permissions (change mode with "chmod" command) to give the group users whatever required privileges. ie ..
- you have group admin, then use that user to create a file .. that file has user:group ownership of admin:admin.
- you create another user, user2 (already done, no?)
- you add user2 to the admin group with .. sudo usermod -a -G admin user2
[modifyUser -add -toGroup group-in-question user-in-question]
.. so that adds user2 to admin's group
now the user's in the admin group, ensure the group has the privileges you want ..
sudo chmod 640 /some/file
.. changing 640 for the permissions you need to give, and NO HIGHER THAN ABSOLUTELY REQUIRED
.. That last tip, in upper case, is the bottom line. Maybe you'd be better off giving user2 ownership of the file, else maybe the rights need not be as high for him as for the original user?
This seems complex at first and my explanation is very general. What rights are required for user2, and for the original user? What is this for, an SFTP/upload area, for example?
Bottom line: to reduce risk from attack, cut privileges to the minimum required and, where possible, give file sets (such as for a site) their own user (that's privilege separation, this can be achieved in other ways too.)
Tell me more about your scenario and I'll be more specific.
Posted 10 months ago # -
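A check to run after the usermod and chmod steps in the reply above. This is an added example, not part of the thread. It assumes GNU find, and the function name, the /home/admin/site path and the 640/750 ceilings are illustrative choices. It lists anything in a site tree that grants more than the ceiling, and anything the shared group does not own.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GNU find (-perm /MODE, -printf).
# audit_site ROOT GROUP [FILE_MAX] [DIR_MAX]
#   ROOT      site tree, e.g. /home/admin/site (hypothetical path)
#   GROUP     group the second user was added to, e.g. admin
#   FILE_MAX  highest mode allowed on files (assumed default 640)
#   DIR_MAX   highest mode allowed on directories (assumed default 750)
# Prints "EXCESS <mode> <path>" for anything granting bits beyond the ceiling
# and "GROUP <group> <path>" for anything not owned by GROUP, since group
# membership gives the new user nothing on those paths.
audit_site() (
    root=$1
    group=$2
    file_max=${3:-640}
    dir_max=${4:-750}

    # Bits outside the ceiling: 640 -> 0137, 750 -> 0027.
    file_extra=$(printf '%04o' $(( 0777 & ~0$file_max )))
    dir_extra=$(printf '%04o' $(( 0777 & ~0$dir_max )))

    # -perm /MODE matches when ANY of the listed bits is set.
    find "$root" -type f -perm "/$file_extra" -printf 'EXCESS %m %p\n'
    find "$root" -type d -perm "/$dir_extra" -printf 'EXCESS %m %p\n'

    # Paths whose group is not the shared one.
    find "$root" ! -group "$group" -printf 'GROUP %g %p\n'
)

# Run directly: sh audit_site.sh /home/admin/site admin
if [ "$#" -ge 2 ]; then
    audit_site "$@"
fi
```

An empty result means every path is at or below the ceiling and belongs to the shared group.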
Awesome. Okay, Let me put together the details. Man, you should write a book...oh wait! :)
Be back - migrating another site! Wahoo!
Posted 10 months ago # -
.. actwaally, Anthony .. tis Book of the Ruddy Month, me old kipper:-
slightly unfortunate shortlink perhaps but, other than that .. only the best, dear boy ;)
Posted 10 months ago #
