# Setup SFTP to Public Directory (/var/www)

### Configuring SSH for SFTP

1. `vim /etc/ssh/sshd_config`
2. Comment out the following line:
    1. `Subsystem sftp /usr/local/libexec/sftp-server`
3. Add the following lines:
    1. `Subsystem sftp internal-sftp`
    2. `Match Group <sftp group>`
    3. `ChrootDirectory %h`
    4. `ForceCommand internal-sftp`
    5. `X11Forwarding no`
    6. `AllowTcpForwarding no`
4. Save and close
5. Restart sshd: `sudo systemctl restart sshd`

### Add SFTP User and Set Permission

1. `sudo useradd <user> -g <sftp group> -s /bin/false -d /var/www/html`
2. `sudo passwd <user>`
3. `sudo chown root /var/www/html`
4. `sudo chmod 755 /var/www/html`
5. `sudo mkdir /var/www/html/<dir>`
6. `sudo chmod 775 /var/www/html/<dir>`
7. `sudo chown apache:apache /var/www/html/<dir>`
8. `sudo chmod g+s /var/www/html/<dir>`
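
sshd rejects a chrooted session unless every component of the `ChrootDirectory` path is owned by root and not writable by group or other, which is why steps 3 and 4 set root ownership and mode 755 on `/var/www/html` and the writable directory sits one level below it. The script below is an added example, not part of the original page, that checks a path against that rule; the function names are hypothetical and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's ownership rule.
# Assumes GNU stat (CentOS/RHEL); function names are hypothetical.

# component_ok UID MODE: succeed if a path component owned by UID with octal
# MODE is acceptable to sshd (owner root, no group or other write bit).
component_ok() {
    [ "$1" = "0" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: test DIR and each parent up to /.
# Returns 0 if all pass, 1 if any component fails, 2 on a usage/stat error.
check_chroot_path() {
    path=$1
    rc=0
    case $path in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    while :; do
        info=$(stat -L -c '%u %a' "$path") || return 2
        if component_ok "${info% *}" "${info#* }"; then
            echo "ok    $path (uid/mode: $info)"
        else
            echo "FAIL  $path (uid/mode: $info)"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return "$rc"
}

# Constructed uid/mode pairs mirroring the steps above (48 is a sample
# apache uid): the chroot itself passes, the upload directory would not.
component_ok 0 755   && echo "root 755: usable as ChrootDirectory"
component_ok 48 2775 || echo "apache 2775: only valid below the chroot"

# Real check when a path is given, e.g.: sh check.sh /var/www/html
if [ $# -gt 0 ]; then check_chroot_path "$1"; fi
```

A `FAIL` line for any component means sshd will refuse the chrooted login until that directory's owner or mode is corrected.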

### SELinux

1. `sudo setsebool -P ssh_chroot_rw_homedirs on`
2. `sudo setsebool -P httpd_unified 1`
3. `sudo setfacl -d -m g:apache:rw /var/www/html/<dir>`

### References

1. [Spiceworks Article](https://community.spiceworks.com/how_to/112551-setup-a-sftp-server-running-on-centos-linux-7)
2. [CentOS Docs](https://www.centos.org/docs/5/html/5.2/Deployment_Guide/s1-acls-setting.html)