Question concerning users and their level of access etc.


freeb0rn
07-18-2006, 08:07 PM
Is it possible to create a sub-user who has FTP access to the /var/www/html/ directory (and sub-directories, or even better, access only to a specific sub-directory?)

When I added a user they just got their own directory in /home/<user>/ and that was basically it. Also I couldn't access the sub-user's directories even when logged in with the administrator account (tried CHMODing it to 775 as well).

I have little experience with *nix filesystems so, yeah, the whole users/groups/permissions/whatever thing is still a bit of a mystery to me.

Matt
07-19-2006, 12:00 AM
Access control lists are your pal. Use setfacl from the shell to set an ACL for a user on a file (or directory). Examples would be...


setfacl -m user:foo:7 /var/www/html/ -- give user foo rwx access to /var/www/html/, effectively allowing him to list directory contents and create new files
setfacl -R -m user:foo:7 /var/www/html/ -- similar to the previous command, but include all files and directories under /var/www/html/, now user foo can edit and delete existing files
setfacl -R -d -m user:foo:7 /var/www/html/ -- set the default ACL for all new files created under /var/www/html/. This locks user foo out from modifying new files.

How about if you use the previous two in conjunction? It's nearly equivalent to sharing the login name with the user, that is to say they have nearly analogous permissions. Now what if user foo creates a new file? It locks your user out from editing it as you aren't the owner.

setfacl -R -d -m user:<your username>:7 /var/www/html/ -- fixes the aforementioned dilemma.

And there you have it, a quick 3-minute crash course in ACLs in Linux. Run "man setfacl" from the shell for more information about setting ACLs.
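
A check to run after the setfacl commands in the post above, as an added example that is not part of the original thread: it parses `getfacl -R` output and reports where a named user's entry effectively grants write (the mask entry caps it) and which directories have a default ACL that leaves that user out. The sample output, the user name `admin` and the function names are constructed for illustration; access through file ownership or group membership is not evaluated.

```python
# Constructed sample shaped like `getfacl -R /var/www/html` output ("# group:" lines cut).
# Assumed: "admin" is <your username>; a later chmod 644 set index.html's mask to r--.
SAMPLE = """\
# file: var/www/html
# owner: admin
user::rwx
user:foo:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:foo:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

# file: var/www/html/index.html
# owner: admin
user::rw-
user:foo:rwx\t#effective:r--
group::r--
mask::r--
other::r--
"""

def parse_getfacl(text):
    """Map each path to its access and default entries, keyed by (tag, qualifier)."""
    files, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# file: "):
            current = files.setdefault(line[8:], {"access": {}, "default": {}})
        elif line and not line.startswith("#") and current is not None:
            entry = line.split("#")[0].strip()  # drop the "#effective:" note
            kind = "default" if entry.startswith("default:") else "access"
            tag, qualifier, perms = entry.removeprefix("default:").split(":")
            current[kind][(tag, qualifier)] = perms
    return files

def audit_user(text, user):
    """Return (paths the named user can effectively write, dirs whose default ACL omits them)."""
    writable, no_default = [], []
    for path, acl in parse_getfacl(text).items():
        perms = acl["access"].get(("user", user), "---")
        mask = acl["access"].get(("mask", ""), "rwx")  # mask caps named-user entries
        if "w" in perms and "w" in mask:
            writable.append(path)
        if acl["default"] and ("user", user) not in acl["default"]:
            no_default.append(path)
    return writable, no_default
```

Feed it real data with `getfacl -R /var/www/html` captured to a string; a path in the second list is a directory where files created by someone else will carry no entry for that user.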

freeb0rn
07-19-2006, 01:21 AM
Thank you =D I see that there is an *ACL page in the control panel as well, I imagine it's for this kind of thing (when it's done)?