If you want to prevent the root user of your machine from being accessed via SSH, you have probably run into problems with SFTP on your server. As long as you use the root user of the machine, SFTP will work fine, but if you change your user you will get into trouble.
I work a lot with Docker and bind mounts for config files, so I can't change the owner or permissions of the directory or file I'm binding to. As a result, I'm not able to upload updated versions of these files or write into these directories via SFTP.
why not use
I don't want to touch the rights on the server. If I change the rights with chmod, I'm not able to determine what the original permission was.
ACL to the rescue
There is something called ACL (Access Control Lists). It is an additional layer of rights in Linux, and it lives on top of the basic rights management of Linux. So I can use this technique to modify file permissions without touching the original rights.
ACL are super easy to use:
Give the user johnny read, write and execute rights on a specific file:
setfacl -m "u:johnny:rwx" file
Remove all ACL entries from the file again:
setfacl -b file
If you are working with a directory, just use the -R option, as mentioned in the documentation.
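As an added example (not part of the original post), the script below checks that an ACL can be set and removed again without losing the original rights. It assumes GNU stat, a scratch file app.conf standing in for a bind-mounted config file, and the current uid in place of johnny. It also shows one detail worth knowing: while the ACL is set, the group bits reported by stat or ls show the ACL mask, not the owning group's rights.

```shell
#!/bin/sh
# Added example: apply the post's setfacl command to a scratch file and
# compare the mode bits before, during and after.
# Prints "<before> <with_acl> <after_reset>".
# Returns 77 if setfacl is missing or the filesystem has no ACL support.
acl_roundtrip() {
    command -v setfacl >/dev/null 2>&1 || return 77
    dir=$(mktemp -d) || return 1
    f="$dir/app.conf"          # constructed stand-in for a bind-mounted config
    : > "$f"
    chmod 640 "$f"
    before=$(stat -c %a "$f")

    # Same command as in the post, with the current uid instead of "johnny".
    if ! setfacl -m "u:$(id -u):rwx" "$f" 2>/dev/null; then
        rm -rf "$dir"
        return 77              # filesystem mounted without ACL support
    fi
    # Owner and other bits are untouched; the group bits now show the ACL mask.
    with_acl=$(stat -c %a "$f")

    # Dropping all extended entries brings the original mode back.
    setfacl -b "$f"
    after=$(stat -c %a "$f")

    rm -rf "$dir"
    echo "$before $with_acl $after"
}

acl_roundtrip || echo "setfacl or ACL support not available here"
```

On a filesystem with ACL support this prints 640 670 640: the 7 in the middle value is the mask created for the named user entry, and it disappears again after setfacl -b.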
apply facl to all new files in the future
By default, ACLs only apply to files that already exist. If you want to transfer these rights to newly generated files add the