SFTP is a secure alternative to FTP that piggy backs off of SSH. Not only is it more secure than FTP but because it is packaged with SSH, requires very little setup on headless Debian systems.
Logging in to SFTP as www-data is useful on a web server as Nginx and Apache typically run as the www-data user. This means that any files uploaded will already belong to www-data and so could help avoid permission issues without breaking out chown.
Some may say that giving www-data a password and logging in with this account is a security risk. The alternative is to create a new user and set it’s home directory to the www root location- something that is equal in terms of security risk and also involves more effort to set permissions.
By default, one cannot login as www-data. This can be changed by logging in and using the following commands:
su
nano /etc/passwd
Look for the line:
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
and change it to:
www-data:x:33:33:www-data:/var/www:/bin/bash
Press ctrl + x
then y
to save.
Next, we need to assign a password to the www-data user.
passwd www-data
Type and confirm a password. The password won’t show as you type.
That’s it! Now you can use your favourite FTP client to upload to your web server.