
Give SFTP permission to edit an app

In the permission management section of the YunoHost web admin interface, you can specify which users can access your system through SFTP.

Go to:

  • Groups and permissions > Individual user permissions.
  • Click on add a permission and select SFTP

However, those users are chrooted in their home directory for security reasons.

If you want to give access to a specific app through SFTP, here are the additional steps to perform after granting the SFTP permission in the web interface.

In the instructions below:

  • USER is the user to whom you wish to give permission to edit the wordpress files.
  • /var/www/wordpress/wp-config.php must be replaced by the path to your app's config file, for example /var/www/yeswiki/wakka.config.php for yeswiki.

mkdir -p /home/USER/apps/wordpress
touch /home/USER/.nobackup
mount --bind /var/www/wordpress /home/USER/apps/wordpress
echo "/var/www/wordpress /home/USER/apps/wordpress none defaults,bind 0 0" >> /etc/fstab
find /var/www/wordpress -type d -exec chmod g+s {} \;

setfacl -R -m u:wordpress:rwX /var/www/wordpress
setfacl -R -d -m u:wordpress:rwX /var/www/wordpress
setfacl -m u:wordpress:r-- /var/www/wordpress/wp-config.php

setfacl -R -m u:USER:rwX /var/www/wordpress
setfacl -R -d -m u:USER:rwX /var/www/wordpress

Quick explanation of the commands:

  • mkdir -p /PATH creates a folder in the specified PATH
  • touch creates an empty file
  • mount --bind makes the contents of the source file or directory available at the target location without actually moving or copying the data.
  • setfacl sets the file permissions (access control lists, ACLs)
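
A way to check the result of the steps above, as an added example that is not part of the original YunoHost documentation: it appends the fstab bind entry only when it is missing (the echo >> /etc/fstab line adds a duplicate on every re-run) and lists which named users can write to the app config file, which includes USER because the recursive u:USER:rwX ACL also covers wp-config.php. The function names are hypothetical helpers.

```bash
#!/bin/bash
# Added example: helpers to verify the SFTP bind-mount setup described above.
# Function names are hypothetical; they are not YunoHost commands.

# fstab_has_bind SRC DST [FSTAB]: succeed if FSTAB already holds a bind entry
# mounting SRC on DST. Comment lines are ignored.
fstab_has_bind() {
    awk -v s="$1" -v d="$2" '
        $1 !~ /^#/ && $1 == s && $2 == d && $4 ~ /(^|,)bind(,|$)/ { found = 1 }
        END { exit !found }' "${3:-/etc/fstab}"
}

# fstab_add_bind SRC DST [FSTAB]: append the entry only when it is missing,
# so re-running the procedure does not duplicate the line.
fstab_add_bind() {
    fstab_has_bind "$1" "$2" "${3:-/etc/fstab}" ||
        echo "$1 $2 none defaults,bind 0 0" >> "${3:-/etc/fstab}"
}

# acl_writers: read `getfacl FILE` output on stdin and print every named user
# whose access ACL entry grants write. "default:" entries are skipped, and an
# "#effective:" annotation (permissions after the mask) takes precedence.
acl_writers() {
    awk -F: '{
        p = ($0 ~ /#effective:/) ? $NF : $3
        if ($1 == "user" && $2 != "" && p ~ /^.w/) print $2
    }'
}

# Usage on a live system (as root), with the paths from the steps above:
#   fstab_add_bind /var/www/wordpress /home/USER/apps/wordpress
#   findmnt /home/USER/apps/wordpress     # confirms the bind mount is active
#   getfacl -p /var/www/wordpress/wp-config.php | acl_writers
```

If the SFTP user should not be able to change the config file, narrow that one entry after the recursive setfacl calls, the same way the steps do for the wordpress user.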