Integrations that need to pick up data exports is a classic example, where you want a remote system to have access to a certain folder on your Bolt.
To keep it secure, you don’t want to give the remote system access to your whole site, but limit the access to a specific folder.
Time needed: 10 minutes.
Following these four steps will create an SFTP account that can only access one specific folder.
- Add a new Site to your Bolt
With every Site you add to your Bolt, you get a new SFTP account. This account is secure, and by default only has access to its own files.
In this example we’re naming the Site “remote system access”, and we do not need a new database so we just hit Create new site.
After making the site, you’re dropped in the admin panel where the SSH and SFTP username is visible, and you can create a password with the Reset SFTP/SSH password feature.
Now you have a separate SFTP login. We’ll be will be using this later to allow access only to a certain folder in the other site’s file structure.
- Set group permissions that will allow access for group members
Our next goal is to make sure that members of the group get access. This is easiest to do through SSH. Log in to your website’s through SSH.
In this example, we want to allow access to the following folder:
To achieve this, all folders after
/kunder/gmailc_6128/need to have read and execute group permissions (5 = r-x) that will allow the login made in Step 1 access. This can be done by executing the following four commands on the command line:
chmod 750 /kunder/gmailc_6128/sftpbo_8626
chmod 750 /kunder/gmailc_6128/sftpbo_8626/public
chmod 750 /kunder/gmailc_6128/sftpbo_8626/public/wp-content
chmod 750 /kunder/gmailc_6128/sftpbo_8626/public/wp-content/integration
- Create a symlink to the folder
The last step for setting up the restricted access to a folder is to sign in through either SFTP or SSH to the account to be used by the integration. After which we’ll create a symlink (symbolic link) from a folder named with your choice, to the folder to which the account should have access.
In this example, we want the folder
/kunder/gmailc_6128/sftpbo_8626/public/wp-content/integrationto be accessible for the new SFTP user account
remote_8627. After logging in with
remote_8627we need to create the symlink. Here we can choose what to name the folder, in this case we have named it
sharedfolder. Symlinks are made with the command
$ ln -s /kunder/gmailc_6128/sftpbo_8626/public/wp-content/integration sharedfolder.
When this is done, and all permissions from Step 2 are correct , we can now access the files that are in
/kunder/gmailc_6128/sftpbo_8626/public/wp-content/integrationby accessing the
- Verify that everything works
The final step is to make sure that everything behaves as expected. The
remote_8627user should now be able to log in through SFTP and read files that are in the sharedfolder directory.
If extended access is needed, you may need to change permissions in step 2 to the levels you require. For example, if you want to edit change or delete files, read and execute is not enough, but you’ll also need write access (
Give us your feedback on this article
Did this help you?
We have launched in the UK! 🇬🇧
Servebolt Cloud UK is now available to all clients. Our London data center will ensure that all clients with their majority of visitors in the UK experience extremely fast websites!