Title: determining path to WordPress
Last modified: August 22, 2016

---

# determining path to WordPress

 *  [snakpak](https://wordpress.org/support/users/snakpak/)
 * (@snakpak)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/determining-path-to-wordpress/)
 * This plug-in seems to assume WordPress and its files are in a certain location,
   what location is that? Are you assuming first that the sftp login is `/home/someuser`
   and you’re looking for something like `/usr/local/www/apache23/website` … type
   of path to WordPress?
 * I would first like to understand what path is being used in this plugin so I 
   can get it working for me… and ideally, please point me to where in the PHP code
   this variable is set as I’d like to edit it myself. I’d like to request in the
   next version that it prints the the location to the screen that the SFTP user
   sees when logging in. Simpler, easier.
 * In the future it would be awesome to be able to edit the path from within WordPress.
   I run my own servers in a secure configuration, and it’s not a standard path 
   to the web server when running inside a FreeBSD chroot jail. The / path that 
   the jail sees is not normally the same as what the SFTP user sees, which is why
   the plugin isn’t working for me. However with some basic Unix skills I can make
   it look the same if I chroot the user as well, then providing the SFTP user a
   custom path to WordPress using `mount_nullfs` in FreeBSD (I believe it’s `mount--
   bind` in Linux). Or better yet, if I knew PHP better I would review the code 
   on my own and customize this plugin for my own purposes.
 * Thanks!
 * [https://wordpress.org/plugins/ssh-sftp-updater-support/](https://wordpress.org/plugins/ssh-sftp-updater-support/)

Viewing 1 replies (of 1 total)

 *  Thread Starter [snakpak](https://wordpress.org/support/users/snakpak/)
 * (@snakpak)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/determining-path-to-wordpress/#post-5176476)
 * I figured this out, the plugin assumes the location of the wordpress files are
   in the same place relative to / as when the user logs in. Since this isn’t the
   case in my environment, I CHROOTED my SFTP users and then mounted a nullfs filesystem
   to fake it into working, so the SFTP user appears to have full access to everything
   on the server but in fact only has read/write access to the WordPress folder.
 * For the benefit of other people, there’s a quick summary of how to do this on
   FreeBSD if your web server is inside a secure jail. First, just follow this tutorial
   to CHROOT sshd and then add a user for WordPress to use: [http://bsdtutorial.org/freebsd/sftp-chroot/](http://bsdtutorial.org/freebsd/sftp-chroot/)
 * Then all you need to do is mount part of your jail’s filesystem inside the wordpress-
   user directory. The user will *only* have access to the wordpress files and not
   the rest of the web server, so it’s a much safer way to implement remote access
   using this plugin. Here’s an example of how to do this as root, using “wordpress-
   user” as the user and an obvious path to the jailed environment.
 *     ```
       # chown -R root:chroot /home/wordpress-user
       # mkdir -p /home/wordpress-user/usr/jails/webjail/usr/local/www/apache24/mysite
       # chown -R flouken:chroot /home/wordpress-user/usr
       # mount_nullfs /usr/jails/webjail/usr/local/www/apache24/mysite /home/wordpress-user/usr/jails/webjail/usr/local/www/apache24/mysite
       # chmod -R 775 /usr/jails/webjail/usr/local/www/apache24/mysite
       # chown -R wordpress-user:www /usr/jails/webjail/usr/local/www/apache24/mysite
       ```
   
 * Then when the wordpress-user logs in, it will *only* have read/write access to“
   mysite” and absolutely nothing else. Much safer if WordPress gets compromised
   and your SFTP credentials are stolen – the user cannot break out of the wordpress
   directory. If all is working you can then add an entry into /etc/fstab to make
   the mount_nullfs permanent upon reboot of the server.
 * Hopefully this helps someone out there who also runs their web servers inside
   secure jails… the Internet would be a safer place overall if more people did 
   this.

Viewing 1 replies (of 1 total)

The topic ‘determining path to WordPress’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/ssh-sftp-updater-support.svg)
 * [SSH SFTP Updater Support](https://wordpress.org/plugins/ssh-sftp-updater-support/)
 * [Support Threads](https://wordpress.org/support/plugin/ssh-sftp-updater-support/)
 * [Active Topics](https://wordpress.org/support/plugin/ssh-sftp-updater-support/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ssh-sftp-updater-support/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ssh-sftp-updater-support/reviews/)

 * 1 reply
 * 1 participant
 * Last reply from: [snakpak](https://wordpress.org/support/users/snakpak/)
 * Last activity: [11 years, 9 months ago](https://wordpress.org/support/topic/determining-path-to-wordpress/#post-5176476)
 * Status: not resolved