Linux sftp — how to add a new user to access an existing directory with write permission?

I have built a website and I can access and edit the website's files on the server via the root user. The current file and directory structures are not changeable. Now I am hiring a webpage designer to help me re-design some pages, and I am going to let the designer edit the files directly on the server. So I need to add a new user and restrict the new user to access only three front-end related directories. The three directories are not in the same directory, as shown below:

/home/www/application/index/view (html files)

/home/www/public/js (js files)

/home/www/public/css (css files)

The first step, adding the new user, has been accomplished. But the problems are:

1 How to let the new user access the above directories with write permission?

2 How to bind the above three directories to the new user? (It seems ChrootDirectory can only bind one directory.)

Any suggestions will be appreciated. Thanks!

First thing: Who owns those files and what perms do you have on those directories (and contained files...)?

When working like you describe, you should copy your entire web document tree over to a new directory and give your developer access to that "development" instance.

Your "development instance" can be on the same server or another server.

Do not set things up where a web developer is working on your original files. Have them work and test based on a copy of your web filesystem and then when you are happy with it, deploy it.

This is roughly a very short description of how to do what you want to do and there are many different ways to do it.

In a nutshell,

  • Have the developer work on a copy, not the running code.
  • Test the planned upgrade and do not deploy until the code has been well tested.
  • Use a configuration management tool like git and github to manage version control so you can see what changes from version to version and restore any files which are buggy, etc.

Thank you so much for your suggestion. Indeed, letting the developer test in a copy instance first is a reasonable way. However, in the copy instance, I still have the same problem: How to restrict the new user to access only those three front-end related directories? And the three directories are not in the same directory. For now, I've solved the first problem (accessing an existing directory with write permission) with the following commands:

cd /home/www/application/index/view
chmod -R a+w *

But the second problem (how to bind the above three directories to the new user?) is still there. I added the following lines to /etc/ssh/sshd_config:

Subsystem sftp internal-sftp
Match User test1
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
    ChrootDirectory /home/www/application/index/view

But only one folder (/home/www/application/index/view) is accessible. How can I make the other two folders also accessible for the added new user?
I am a beginner to Linux; your help will be greatly appreciated.

That depends on the owner and group of the folders. Ownership is often resolved by changing the users, rather than changing the files.

ls -l /path/to/folders/of/interest

a+w is not a good solution if you don't want to give every single person there is write access.

After much research and many tries, I have it working. The approach may have many disadvantages, but as a beginner, it is the most satisfying result that I can get. My steps are as follows:

1 Add a new user test1.
2 Make a root folder for test1.
3 Make three sub-folders, each of which will map to the corresponding existing folder we are going to let test1 access.
4 Make the three existing folders writable.
5 mount --bind each existing folder to the corresponding sub-folder.
6 Done.

After the above steps, user test1 will be able to access the above three existing folders and the files they contain, and then edit them.

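The steps above as a script, added here as an example and not posted by anyone in the thread. It defaults to a dry run that only prints the commands. The group name `webdesign` and the jail path `/srv/sftp/test1` are assumptions, and group write permission stands in for `chmod a+w`, following the earlier reply about not giving everyone write access.

```shell
#!/bin/sh
# Added example: chrooted SFTP account that reaches three scattered
# directories through bind mounts. DRY_RUN=1 (default) only prints commands.
DRY_RUN="${DRY_RUN:-1}"

run() {
    # Print the command in dry-run mode, execute it otherwise.
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# setup_sftp_jail USER GROUP JAIL DIR...
setup_sftp_jail() {
    user=$1 group=$2 jail=$3
    shift 3
    run groupadd -f "$group"
    run usermod -aG "$group" "$user"
    # sshd rejects a ChrootDirectory that is not root-owned or that is
    # writable by group/others, so the jail root stays root:root 0755.
    run mkdir -p "$jail"
    run chown root:root "$jail"
    run chmod 755 "$jail"
    for src in "$@"; do
        dst="$jail/$(basename "$src")"
        # Group write instead of a+w: only members of $group can edit.
        run chgrp -R "$group" "$src"
        run chmod -R g+rwX "$src"
        # setgid on directories so new files inherit the group.
        run find "$src" -type d -exec chmod g+s {} +
        run mkdir -p "$dst"
        run mount --bind "$src" "$dst"
        # /etc/fstab line that keeps the bind mount across reboots.
        echo "fstab: $src $dst none bind 0 0"
    done
    # Matching sshd_config block; check it with `sshd -t` before reloading.
    printf 'sshd_config:\nMatch User %s\n' "$user"
    printf '    ChrootDirectory %s\n' "$jail"
    printf '    ForceCommand internal-sftp\n'
    printf '    AllowTcpForwarding no\n    X11Forwarding no\n'
}

# User and directories from the thread; group and jail path are assumed.
setup_sftp_jail test1 webdesign /srv/sftp/test1 \
    /home/www/application/index/view /home/www/public/js /home/www/public/css
```

Run it as root with `DRY_RUN=0` once the printed plan looks right; the user then sees `/view`, `/js` and `/css` at the top of the SFTP session.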