Changing file and group ownership should work fine. Just make a note of ownership before you start changing anything so if you get problems you can roll them back

These users are going to be local to the Clearos server only.

Are these users going to be local to the Clearos server or are they created in in LDAP?

You will only break website publishing if Apache loses access to the files it needs

ok I understand:

I change the home directory for user1. (usermod -m -d /var/www/virtual/thedir user1
I change user from "allusers" to "user1" for this directory. (chown -R user1:group1 /thedir)
This won’t break website publishing ?

but... still user1 has gid=63000(allusers) groups=63000(allusers)
Doesn’t that give him permission for allusers dir and files ?

File permissions are trivial, but setting them is going to have to be done from the command line.

e.g home directory is /home/user1 and user1 belongs to group group1 directory permissions should look like this

drwxr-x--- user1 group1 with this only members of group1 will be able to enter the directory and only user1 will be able to add or remove files from the directory

Files inside the directory should have permissions

-rw-rw---- user1 group1

which means any member of group group1 can edit (and owner user1 can too)

I have little knowledge with Linux and linux file permissions.
But I chose ClearOS that offer an easy to manage web interface (control panel) because of this.

In my mind, if I have a user that is assigned to a group what he should see and be able to edit should be assigned to this group.
This is pretty trivial in most control panel that help no-techies to manage hosting.


To answer your first question, I would like both option, terminal editing with putty, nano or vi and sftp using third party software (ftp or IDE).

But as start sftp will be great progress !

How is the user going to edit the files? In a terminal window using a command line editor such as vi or nano? Or is the users going to copy files using sftp to another machine then edit and copy back? The method using sftp can be fairly easily set up and the user does need access to commands (nano/vi) on the server and the user has only access to a single directory - see here for an idea of the set up - http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/

Creating an ssh user that can only access one directory and a limited set of commands is doable but more complicated see here for some idea of the set up http://linuxpitstop.com/chroot-ssh-users-on-centos-7/ (generic Centos)

The most simple is to allow the user to access the server via ssh and then control what they do via file/directory permissions - the issue here is that the user will be able to move around the directory structure. How familiar are you with Linux file permissions?

Thanks for your help Duncan,

ssh username@ip.ip.ip.ip

username@ip.ip.ip.ip's password: 

Last login: Mon May 15 09:01:50 2017 from .......

-sh-4.2$ ls -l

total 1592

-rw-r--r-- 1 username allusers 1624110 Feb 22 09:42 _E540036.jpg

-sh-4.2$ pwd

/home/username

id username

uid=2002(username) gid=63000(allusers) groups=63000(allusers),60000(ftp_plugin),60002(workinggroup)

("workinggroup" is what I want him to see and edit)

As it is someone from another team to who I want to give ssh access to edit only files within the group I assigned him to.

I would like him to land directly in : /var/www/virtual/ (ok he will see all the other domain names)
And him to be able to open only directories and edit files where group = workinggroup

On any Linux system users can generally move around the directory structure, but are limited by the permissions on files and /or directories

Can you post the output of

ls -la

for the directory in question?

and

id username

of the user concerned

Bumping/Updating this one...

Update; the user can read files within the group he is assigned to but he cannot edit them.

So this is pretty unusfull...