Let your clients use sftp on a Forge provisioned server

A few years ago all the projects I worked on were served on a shared hosting environment. It was quite common for a client to have ftp access to the server to upload some files. A control panel like cPanel or Plesk made it really easy to create some ftp accounts.

Fast forward to today. Most projects are hosted on their own DigitalOcean droplets provisioned by Forge. Even the smallest droplet has a whopping 20 GB of disk space. An ftp server is not installed by default. That’s probably a good thing because ftp is an insecure and antiquated protocol. In this post I’d like to explain how you can help a client that wants ftp-like functions.

Our goal is to give a client read and write access to a single directory. We will make sure that the client cannot go outside that directory. We’ll also prohibit the client from executing any shell commands. Instead of ftp we’re going to use a more secure protocol: sftp. Let’s do this!

The first thing you’ll have to do is add a unix user. In the remainder of this post we’ll assume that our client is named Bob.

sudo adduser bob

You will be prompted for a password and some general user information. After completing this command the home directory for Bob will have been created at /home/bob.

Next up we are going to make sure that this user is not allowed to use a shell:

sudo usermod -s /bin/false bob

If Bob tries to log in via ssh he will immediately be logged out.
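An added example, not part of the original post: a POSIX shell audit for the two restrictions set out above, that Bob's login shell is disabled and that a directory meant to confine him is acceptable to sshd as a chroot. It assumes OpenSSH's ChrootDirectory rule from sshd_config(5), which the post does not state (every path component owned by root and not group- or world-writable); the function names and the passwd sample are made up for illustration.

```sh
#!/bin/sh
# Added example: audit an sftp-only account. Function names are illustrative.

# login_shell USER [PASSWD_FILE]: print the login shell; fail if no such user.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; hit = 1 } END { exit !hit }' \
        "${2:-/etc/passwd}"
}

# shell_is_disabled USER [PASSWD_FILE]: 0 = no shell, 1 = shell, 2 = no user.
shell_is_disabled() {
    sid_shell=$(login_shell "$1" "${2:-/etc/passwd}") || return 2
    case "$sid_shell" in
        /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin) return 0 ;;
        *) return 1 ;;   # includes an empty field, which means /bin/sh
    esac
}

# dir_is_safe DIR [UID]: 0 if DIR is owned by UID (default 0, root) and is not
# group- or world-writable; 1 if it fails that test; 2 if not a directory.
dir_is_safe() {
    [ -d "$1" ] || return 2
    dis_owner=${2:-0}
    set -- $(ls -ldn -- "$1")   # now $1 = mode string, $3 = numeric owner
    [ "$3" = "$dis_owner" ] || return 1
    case "$1" in ?????w*|????????w*) return 1 ;; esac
    return 0
}

# chroot_path_ok DIR: 0 only if DIR and every parent up to / pass dir_is_safe
# for root, the rule sshd applies to a ChrootDirectory (assumed setup).
chroot_path_ok() {
    case "$1" in /*) cpo_dir=$1 ;; *) return 2 ;; esac
    while :; do
        dir_is_safe "$cpo_dir" 0 || return $?
        [ "$cpo_dir" = / ] && return 0
        cpo_dir=$(dirname "$cpo_dir")
    done
}

# Demo on constructed passwd entries (not taken from a real system).
demo_passwd=$(mktemp)
printf '%s\n' 'bob:x:1001:1001:Bob:/home/bob:/bin/false' \
    'alice:x:1002:1002:Alice:/home/alice:/bin/bash' > "$demo_passwd"
for demo_user in bob alice; do
    demo_rc=0; shell_is_disabled "$demo_user" "$demo_passwd" || demo_rc=$?
    echo "$demo_user: shell_is_disabled status $demo_rc"
done
rm -f "$demo_passwd"
```

On the server, calling shell_is_disabled bob with no file argument reads /etc/passwd, and chroot_path_ok takes the absolute path of the directory Bob is to be confined to.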

Now we are going to “chroot” Bob. This is the Wikipedia definition:

Originally published at www.laravelfeed.com.
