How to make an (S)FTP account with access to a folder on your website

A classic example is an integration that needs to pick up data exports, where you want a remote system to have access to a certain folder on your Bolt.

To keep it secure, you don’t want to give the remote system access to your whole site, but limit the access to a specific folder.

Time needed: 10 minutes.

Following these four steps will create an SFTP account that can only access one specific folder.

  1. Add a new Site to your Bolt

    With every Site you add to your Bolt, you get a new SFTP account. This account is secure, and by default only has access to its own files.

    In this example we’re naming the Site “remote system access”, and we do not need a new database so we just hit Create new site.

    After making the site, you’re dropped in the admin panel where the SSH and SFTP username is visible, and you can create a password with the Reset SFTP/SSH password feature.

    Now you have a separate SFTP login. We’ll be using this later to allow access only to a certain folder in the other site’s file structure.

  2. Set group permissions that will allow access for group members

    Our next goal is to make sure that members of the group get access. This is easiest to do through SSH. Log in to your website through SSH.

    In this example, we want to allow access to the following folder:

    To achieve this, all folders after /kunder/gmailc_6128/ need to have read and execute group permissions (5 = r-x) so that the login made in Step 1 can access them. This can be done by executing the following four commands on the command line:

    1. chmod 750 /kunder/gmailc_6128/sftpbo_8626
    2. chmod 750 /kunder/gmailc_6128/sftpbo_8626/public
    3. chmod 750 /kunder/gmailc_6128/sftpbo_8626/public/wp-content
    4. chmod 750 /kunder/gmailc_6128/sftpbo_8626/public/wp-content/integration

  3. Create a symlink to the folder

    The last step for setting up the restricted access to a folder is to sign in through either SFTP or SSH to the account to be used by the integration. We’ll then create a symlink (symbolic link) from a folder with a name of your choice to the folder to which the account should have access.

    In this example, we want the folder /kunder/gmailc_6128/sftpbo_8626/public/wp-content/integration to be accessible for the new SFTP user account remote_8627. After logging in with remote_8627 we need to create the symlink. Here we can choose what to name the folder; in this case we have named it sharedfolder. Symlinks are made with the command ln -s.

    $ ln -s /kunder/gmailc_6128/sftpbo_8626/public/wp-content/integration sharedfolder
    When this is done, and all permissions from Step 2 are correct, we can now access the files that are in /kunder/gmailc_6128/sftpbo_8626/public/wp-content/integration by accessing the sharedfolder.

  4. Verify that everything works

    The final step is to make sure that everything behaves as expected. The remote_8627 user should now be able to log in through SFTP and read files that are in the sharedfolder directory.

    If extended access is needed, you may need to change permissions in step 2 to the levels you require. For example, if you want to edit, change or delete files, read and execute is not enough; you’ll also need write access (chmod 770 instead).
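
To support the verification in Step 4, here is an added example (not part of the original article or the host's tooling) that walks the folder chain from Step 2 and reports any level where the group lacks r-x or where "other" has access. The function name check_group_chain and the script name are hypothetical, and it checks mode bits only, not group ownership.

```shell
#!/usr/bin/env bash
# Added example: audit the directory chain from Step 2 (not the host's tooling).
# Every directory below BASE down to TARGET must give the group r-x (or rwx)
# and give "other" nothing, i.e. mode 750 or 770 as used in this article.
# Assumption: only mode bits are checked, not which group owns each directory.

check_group_chain() {
    local base target rest part dir perms group other status
    base="${1%/}"; target="${2%/}"; status=0
    case "$target" in
        "$base"/*) rest="${target#"$base"/}" ;;
        *) echo "ERROR    $target is not below $base" >&2; return 2 ;;
    esac
    dir="$base"
    while [ -n "$rest" ]; do
        part="${rest%%/*}"                      # next path component
        if [ "$part" = "$rest" ]; then rest=""; else rest="${rest#*/}"; fi
        dir="$dir/$part"
        if [ ! -d "$dir" ]; then
            echo "MISSING  $dir"; status=1; continue
        fi
        perms=$(ls -ldL "$dir" | cut -c1-10)    # e.g. drwxr-x---
        group=$(printf '%s' "$perms" | cut -c5-7)
        other=$(printf '%s' "$perms" | cut -c8-10)
        case "$group" in
            r?x|r?s) ;;                         # readable and traversable
            *) echo "BLOCKED  $dir (group=$group)"; status=1 ;;
        esac
        case "$other" in
            ---|--T) ;;                         # nothing for everyone else
            *) echo "OPEN     $dir (other=$other)"; status=1 ;;
        esac
    done
    return "$status"
}

# Run directly: ./check_chain.sh BASE TARGET
if [ "$#" -eq 2 ]; then
    check_group_chain "$1" "$2"
fi
```

For the paths in this article, run it over SSH on the site that owns the folder with /kunder/gmailc_6128 as BASE and /kunder/gmailc_6128/sftpbo_8626/public/wp-content/integration as TARGET; no output and exit status 0 means every level matches Step 2.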
