make ftp work with ssh without changing permissions

the problem

If you want to stop the machine's root user from being accessed via SSH, you have probably run into problems with SFTP on your server. As long as you use the machine's root user, SFTP works fine, but once you switch to a different user you get into trouble.

I’m working a lot with Docker and bind mounts for config files, so I can’t change the owner/permissions of the directory or file I’m binding to. As a result, I’m not able to upload updated versions of this file or write into these directories via SFTP.

why not use CHMOD

I don’t want to touch the rights on the server. So if I change the rights with chmod I’m not able to determine what the original permission was.

the solution: ACL to the rescue

There is something called ACLs (Access Control Lists). They are an additional layer of permissions in Linux that lives on top of the basic Linux permission management. So I can use this technique to modify file permissions without touching the original rights.

basic usage

ACLs are super easy to use:

getfacl <file/dir>

Granting user johnny read, write and execute rights on a specific file:

setfacl -m "u:johnny:rwx" file

Removing ACLs:

setfacl -b file

If you are working with a directory, just use the -R (recursive) option, as mentioned in the documentation.

apply facl to all new files in the future

By default, the ACLs only apply to files that already exist. If you want to transfer these rights to newly created files, add the -d option, which sets a default ACL on the directory.
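
The steps above combined into one workflow, as an added shell example that is not from the original post: it snapshots the existing permissions first (which answers the chmod concern), then grants access with -R and -d. The function names and the paths in the comments are assumptions. Once a named-user entry exists, `ls -l` and `stat` show the ACL mask in the group position, so the mode can look changed even though the owning group's entry is intact.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux with the acl
# package (getfacl/setfacl) and a filesystem mounted with ACL support.

# mode_of PATH: print the classic octal mode bits.
mode_of() {
    stat -c '%a' "$1"
}

# acl_snapshot DIR OUT: record owner, group, mode and ACLs for everything under
# DIR. -p keeps absolute path names so the file restores from any directory.
acl_snapshot() {
    getfacl -R -p "$1" > "$2"
}

# acl_grant DIR USER: give USER read/write on existing content, then set a
# default ACL on every directory so files created later inherit the entry.
# Capital X adds execute only to directories and already-executable files.
acl_grant() {
    setfacl -R -m "u:$2:rwX" "$1" &&
    find "$1" -type d -exec setfacl -d -m "u:$2:rwX" {} +
}

# acl_rollback SNAPSHOT: put back exactly what acl_snapshot recorded.
# Files created after the snapshot are not listed in it and stay untouched.
acl_rollback() {
    setfacl --restore="$1"
}

# Typical session (constructed paths, user name from the post):
#   acl_snapshot /srv/app/config /root/config.acl
#   acl_grant    /srv/app/config johnny
#   mode_of      /srv/app/config    # group digit now shows the ACL mask
#   acl_rollback /root/config.acl
```

Keep the snapshot file outside the directory being modified, and take it before the first setfacl call.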