# Allowing access to server.

## CurtE

I have a web developer that I need to give access to the server but I only want to allow the directory to the actual web pages.  

Let's say I'm giving him access to /home/webguy where /webguy will hold the temporary web site.

How do I do this properly?

----------

## audiodef

Easy - set the guy up with /home/webguy/.ssh/authorized_keys, which contains his public ssh key. Have him send you his public key and cat webguy_publickey > /home/webguy/.ssh/authorized_keys. He can then ssh/scp to his home dir. 

I have exactly the same situation. I mirror Pappy's Kernel Seeds, and this is how Pappy updates my mirror.

----------

## cach0rr0

if it's just plain ole html/css/javascript/whatever, then Userdir should be fine

if you want to be a bit more fancy, and run something like e.g. php, you'd probably want to look at suPHP

some people take yet another route and run an ftp daemon, but set their ftp daemon to run as the apache user. I don't care for ftp at all personally, but it does work. 

should be good reading fodder at least.

----------

## audiodef

Isn't FTP a security risk compared to scp?

----------

## cach0rr0

 *audiodef wrote:*   

> Isn't FTP a security risk compared to scp?

 

considerably so, yes. 

there is the advent of SFTP, but it's of little value IMHO

...nonetheless, for whatever reason people still do FTP. I think, largely, because where the "average user" would be lost if you asked them to use SCP, they aren't with an FTP client - even though it looks like the same bloody thing! (e.g. WinSCP)

i understand it from a user side. i dont understand it from an admin side. but, c'est la vie

----------

## Yess1934

 *audiodef wrote:*   

> Easy - set the guy up with /home/webguy/.ssh/authorized_keys, which contains his public ssh key. Have him send you his public key and cat webguy_publickey > /home/webguy/.ssh/authorized_keys. He can then ssh/scp to his home dir. 
> 
> I have exactly the same situation. I mirror Pappy's Kernel Seeds, and this is how Pappy updates my mirror.

 

There is 1 small problem with keys, you won't be able to use non-default clients (http://webssh.uni.me, smartphones, ...).

----------

