Today, it is necessary to configure a ftp to the server for the client developer to update the php file for development. As a result, I now use sftp, and the days of discussing vsftpd or pureftp are long gone.
Here are the specific steps for reference:
http://askubuntu.com/questions/134425/how-can-i-chroot-sftp-only-ssh-users-into-their-homes
http://askubuntu.com/questions/49271/how-to-setup-a-sftp-server-with-users-chrooted-in-their-home-directories
install scponly
yum install scponly -y
Then
useradd bob -s /usr/bin/scponly
For /etc/passwd, the content is roughly like this,
overlord:x:501:500::/home/bob:/usr/bin/scponly
Then change the password:
passwd bob
Then modify /etc/ssh/sshd_config and add it at the end (must be at the end)
Match User bob
ChrootDirectory /home/bob/
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Then set the directory permissions specifically, which is quite critical here. If the permissions are not set correctly, it is not easy to use. Specifically as follows:
sudo chown root /home/bob
sudo chmod go-w /home/bob
sudo mkdir /home/bob/writeable
sudo chown bob:www-data /home/bob/writeable
sudo chmod ug+rwX /home/bob/writeableI use nginx to run php-fpm environment, the group is www-data, so g+rw must be required, this is the most critical, otherwise php cannot read the file.
Permission setting reference: https://zh.wikipedia.org/wiki/Chmod
The effect of this is to take /home/bob as the ftp environment of the root directory.