Last active
June 17, 2020 14:48
-
-
Save NichlasB/9b9c79ff8e31f48ad19f652b71baf8f6 to your computer and use it in GitHub Desktop.
Shell Script for Creating EasyEngine Server SFTP User
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # WARNING: This script must be run manually to create a new SFTP user. Remember to change the new user's password. | |
| # NOTICE: Make sure first instance of PasswordAuthentication is set to "no" $ sudo nano /etc/ssh/sshd_config | |
| # REQUIREMENT: Make sure bindfs is installed $ sudo apt-get -y install bindfs | |
| #### | |
| ## Gist: https://gist.github.com/NichlasB/9b9c79ff8e31f48ad19f652b71baf8f6 | |
| ## Resource: https://easyengine.io/docs/chroot-sftp-easyengine/ | |
| ## Resource: https://www.howtoforge.com/restricting-users-to-sftp-plus-setting-up-chrooted-ssh-sftp-debian-squeeze | |
| ## Resource: https://blog.rootshell.be/2009/03/01/keep-an-eye-on-ssh-forwarding/ | |
| ## Resource: http://blog.netgusto.com/solving-web-file-permissions-problem-once-and-for-all/ | |
| ## Resource: http://manpages.ubuntu.com/manpages/precise/man1/bindfs.1.html#contenttoc10 | |
| ## | |
| ## | |
| ## Install new website via EasyEngine | |
| ## Change "ee-user" to the user you want to add. | |
| ## Change "ee-site.com" to the EasyEngine site you want to mount to the user's home directory. | |
| ## Manually change the new user's password $ sudo passwd ee-user | |
| #### | |
| #### | |
| ## Setting Up New User | |
| #### | |
| # Create New User and Add to hostingusers Group | |
| useradd -G hostingusers -ms /bin/false ee-user | |
| # Set Sample Password for New User | |
| echo "ee-user:T2xQ96a5ds2D1d7dExY1e44ExQ" | chpasswd | |
| # Create SFTP Home Directory | |
| mkdir -p /home/ee-user/ee-site.com/htdocs | |
| # Set Directory Ownerships | |
| chown root:root /home/ee-user/ | |
| chown root:root /home/ | |
| # Set Webroot Permissions | |
| chmod g+s /var/www/ee-site.com/htdocs/ | |
| # Add Bindfs Line to /etc/fstab with Standard WordPress File Permissions - Directories: 755, Files: 644 | |
| cat <<EOF >> /etc/fstab | |
| # User: ee-user Site: ee-site.com | |
| /var/www/ee-site.com/htdocs /home/ee-user/ee-site.com/htdocs fuse.bindfs force-user=ee-user,force-group=ee-user,create-for-user=www-data,create-for-group=www-data,create-with-perms=gd=rx:gf=r:ud=rwx:uf=rw:od=rx:of=r,chgrp-ignore,chown-ignore,chmod-ignore 0 0 | |
| EOF | |
| # Mount Webroot | |
| mount /home/ee-user/ee-site.com/htdocs -o nonempty |
Script updated in response to this feedback:
https://community.rtcamp.com/t/setting-up-chroot-sftp-users-for-easyengine-sites-bindfs/8386/4
Hi all and thx, i've needed to add some option for boot/reboot on the fstab line :
,noauto,x-systemd.automount,x
It's most securly for old system. My English is to poor for explanation but the cause is . If the fstab is mounted before fsck verification, the server won't boot
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Companion Script - sftp-new-server.sh:
https://gist.github.com/NichlasB/e938cddb7876fd74af09dc00ca537a2c