Granting a sftp user access to a /var/www directory
This is the process:
Add the user to the group:
sudo usermod -aG www blub
as in Whats the simplest way to edit and add files to "/var/www"? or just use
sudo adduser <username> www-data
- Install vsftpd
sudo apt-get install vsftpd
Configure vsftpd for remote access:
sudo nano /etc/vsftpd.conf
and inside the file set
chroot_local_user=YES
and ensure this is commented out:
#chroot_list_enable=YES
as per documentation.
- Restart vsftpd:
sudo service vsftpd restart
Configure the user's home directory to the web directory (not in /home):
sudo usermod -d /var/www/mysite/ftpaccessdir <username>
Configure ssh chroot
sudo nano /etc/ssh/sshd_config
add the following to the end:
Subsystem sftp internal-sftp
Match user <username>
ChrootDirectory /var/www/site
ForceCommand internal-sftp
AllowTcpForwarding no
and ensure that further up in the file (i.e. before the block you just added) this is commented out:
#Subsystem sftp /usr/lib/openssh/sftp-server
Restart ssh
sudo service ssh restart
Change the permissions for apache:
chown root:root /var/www
chown root:root /var/www/site
chmod 755 /var/www
As in the docs here.
Ensure that your directory has www-data access
sudo chown -R www-data:www-data /var/www/site
chmod 755 /var/www/site
If you get a "connection refused" error at the end, make sure that "Subsystem sftp internal-sftp" is placed after "UsePAM yes". If it is not, update the file and restart ssh; after that it worked.
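sshd only accepts a ChrootDirectory when every component of its path is a directory owned by root and not writable by group or others (sshd_config(5)), so the result of the ownership commands above is worth checking before testing a login. The script below is an added example, not part of the original answer; the function names and the optional UID and STOP arguments are assumptions made for it.

```shell
#!/bin/sh
# Added example (not from the original answer). Checks the sshd_config(5) rule:
# every component of ChrootDirectory must be a directory owned by root and
# not writable by group or others.
# Function names and the UID/STOP arguments are assumptions made here; STOP
# only exists so the walk can be exercised inside a scratch directory.

# check_component DIR [UID]: check one directory (UID defaults to 0, root).
check_component() {
    cc_dir=$1; cc_want=${2:-0}
    if [ ! -d "$cc_dir" ]; then
        echo "FAIL $cc_dir: not a directory" >&2; return 1
    fi
    cc_uid=$(stat -c %u "$cc_dir")    # numeric owner (GNU stat, as on Ubuntu)
    cc_mode=$(stat -c %a "$cc_dir")   # octal mode, e.g. 755
    if [ "$cc_uid" != "$cc_want" ]; then
        echo "FAIL $cc_dir: owner uid $cc_uid, expected $cc_want" >&2; return 1
    fi
    # 022 = group-write | other-write
    if [ $(( 0$cc_mode & 022 )) -ne 0 ]; then
        echo "FAIL $cc_dir: mode $cc_mode is group- or world-writable" >&2; return 1
    fi
    echo "ok   $cc_dir (uid $cc_uid, mode $cc_mode)"
}

# check_chroot_path PATH [UID] [STOP]: check PATH and each parent up to STOP
# (default /). Returns 0 only if every component passes, 2 on a relative path.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "FAIL $1: path must be absolute" >&2; return 2 ;;
    esac
    ccp_dir=$1; ccp_uid=${2:-0}; ccp_stop=${3:-/}; ccp_rc=0
    while :; do
        check_component "$ccp_dir" "$ccp_uid" || ccp_rc=1
        if [ "$ccp_dir" = "$ccp_stop" ] || [ "$ccp_dir" = / ]; then
            break
        fi
        ccp_dir=$(dirname "$ccp_dir")
    done
    return $ccp_rc
}

# Usage: sh check_chroot.sh /var/www/site
if [ "$#" -gt 0 ]; then
    check_chroot_path "$@"
fi
```

A FAIL line for the chroot directory or one of its parents corresponds to sshd closing the SFTP session right after authentication.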