From 8b3bf0b4de58380c1e60d1d8d4509e185405f33e Mon Sep 17 00:00:00 2001
From: ljf <ljf+github@grimaud.me>
Date: Thu, 25 Nov 2021 12:28:21 +0100
Subject: [PATCH] SFTP on apps permissions

---
 .../13.sftp_on_apps/sftp_on_apps.md           | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 pages/01.administrate/07.specific_use_cases/13.sftp_on_apps/sftp_on_apps.md

diff --git a/pages/01.administrate/07.specific_use_cases/13.sftp_on_apps/sftp_on_apps.md b/pages/01.administrate/07.specific_use_cases/13.sftp_on_apps/sftp_on_apps.md
new file mode 100644
index 00000000..d90aced5
--- /dev/null
+++ b/pages/01.administrate/07.specific_use_cases/13.sftp_on_apps/sftp_on_apps.md
@@ -0,0 +1,33 @@
+---
+title: Give SFTP permission to edit an app
+template: docs
+taxonomy:
+    category: docs
+routes:
+  default: '/sftp_on_apps'
+---
+
+In YunoHost permission management web admin interface, you can specify which user can access your system through SFTP.
+
+However, those user are chrooted in their home directory for security reasons.
+
+If you want to give access to a specific apps through SFTP, here are additional steps to do after giving the SFTP permission in the web interface.
+
+In instructions below, USER is the user to whom you wish to give permission to edit wordpress files.
+
+```bash
+mkdir -p /home/USER/apps/wordpress
+touch /home/USER/.nobackup
+mount --bind /var/www/wordpress /home/USER/apps/wordpress
+echo "/var/www/wordpress /home/USER/apps/wordpress none defaults,bind 0 0" >> /etc/fstab
+find /var/www/wordpress -type d -exec chmod g+s {} \;
+
+setfacl -R -m u:wordpress:rwX /var/www/wordpress
+setfacl -R -d -m u:wordpress:rwX /var/www/wordpress
+setfacl -m u:wordpress:r-- /var/www/wordpress/wp-config.php
+
+setfacl -R -m u:USER:rwX /var/www/wordpress
+setfacl -R -d -m u:USER:rwX /var/www/wordpress
+```
+
+