Steps to setup Wordpress in a SFTP jail

2 min read Filed in wordpress sftp jail

I have a few servers that I once in a while have to drop a Wordpress install on where folks need access. Given that more access generally leads to people confused I always set them up in a jail. This usually requires that I pull up my zsh history and run through the song and dance. I could automate it, but it’s one of those tasks that I’d spend more time writing a script then just punching in some quick commands.

  1. Setup a group that’ll be assigned to users that need a jail in sshd_config. This is one of those things I only do once when I fire up and instance.
Match Group sftponly ChrootDirectory /home/%u ForceCommand internal-sftp AllowTcpForwarding no
  1. Let’s do some user ops.
➜ ~ useradd $USER ➜ ~ passwd $USER ➜ ~ usermod -aG sftponly $USER
  1. Setup our jailed home directory
➜ ~ sudo -u $USER mkdir -pv /home/$USER/my.awesome.domain.something ➜ ~ chown root. /home/$USER ➜ ~ chmod 755 /home/$USER ➜ ~ chgrp -R $USER /home/$USER
  1. Ditch the shell
➜ ~ usermod -s /bin/false $USER
  1. Pull Wordpress and unpack
➜ ~ cd /home/$USER/my.awesome.domain.something ➜ ~ wget http://wordpress.org/latest.tar.gz ➜ ~ tar zxf latest.tar.gz ➜ ~ mv wordpress/* . ➜ ~ rm -rf wordpress/

  1. Setup Wordpress with the usual config (wp-config dance, pull plugins, et cetera).

  2. Add said new server block to nginx

server { server_name my.awesome.domain.something; access_log logs/my.awesome.domain.something.access.log main; root home/$USER/my.awesome.domain.something; }

  1. Add user to sshd_config

  2. Lock down Wordpress

➜ ~ find . -type d -exec chmod 755 {} \; ➜ ~ find . -type f -exec chmod 644 {} \;

And so completes a fast and furios Wordpress setup in a jail. User happy, me reasonably happy, on to other coding things.