Suppose you have an EC2 instance that hosts two sites, say website1 and website2.
Files of website1 are in the folder /var/www/html/website1.
Files of website2 are in the folder /var/www/html/website2.
Say you want to give access to website1 for some developers and to website2 for another set of developers.
So let us have 2 groups, say group1 and group2.
To create groups we need to run
Then we add a user to group1
useradd -G group1 developer1
Now log in as developer1 using the sudo and su commands.
sudo su developer1
Now go to developer1’s home directory.
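Generate a new public/private key pair for this user using the ssh-keygen command. DSA keys have been disabled by default since OpenSSH 7.0, so generate an Ed25519 key instead of a 1024-bit DSA key.
ssh-keygen -t ed25519 -f developer1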
Now create the .ssh/authorized_keys file with the appropriate ownership and permissions.
mkdir -p .ssh
chmod 700 .ssh
cat developer1.pub > .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
chown developer1:group1 .ssh
chown developer1:group1 .ssh/authorized_keys
Now download the private key using WinSCP or any other SFTP program. Convert the file to a .ppk file (FileZilla will convert it automatically if you try to add the key).
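Finally, as root, give group1 ownership of the website1 directory and make it group-writable. Changing the owner alone does not give the other members of group1 write access.
chown -R developer1:group1 /var/www/html/website1
chmod -R g+w /var/www/html/website1
Now the developers in group1 have write access only to /var/www/html/website1, but they have read access to all other directories.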
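The permissions this procedure should end with can be checked with a short script. This is an added example, not part of the original page; it assumes GNU stat and find, the function names are hypothetical, and the home path in the usage comment assumes the default /home/developer1. It also flags a private key left on the server beside its .pub file, which goes one step beyond the procedure above.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU stat and find.
# Function names are hypothetical.

# check_ssh_dir HOME: verify the modes set with chmod above. sshd's default
# StrictModes setting ignores authorized_keys when .ssh or the file is
# writable by anyone other than the owner.
check_ssh_dir() {
    home=$1; rc=0
    for spec in ".ssh:700" ".ssh/authorized_keys:600"; do
        path=$home/${spec%%:*}; want=${spec##*:}
        if [ ! -e "$path" ]; then
            echo "FAIL $path is missing"; rc=1
        elif [ "$(stat -c %a "$path")" != "$want" ]; then
            echo "FAIL $path has mode $(stat -c %a "$path"), want $want"; rc=1
        fi
    done
    # Flag a private key that still sits beside its .pub file after download.
    for pub in "$home"/*.pub; do
        if [ -f "${pub%.pub}" ]; then
            echo "FAIL private key ${pub%.pub} is still on the server"; rc=1
        fi
    done
    return "$rc"
}

# check_site_dir DIR GROUP: everything under DIR must belong to GROUP and be
# group-writable, and nothing may be world-writable. Symlinks are skipped
# because their own mode bits are not meaningful.
check_site_dir() {
    dir=$1; group=$2
    if ! bad=$(find "$dir" ! -type l \
            \( ! -group "$group" -o ! -perm -020 -o -perm -002 \) -print); then
        echo "FAIL could not scan $dir for group $group"; return 1
    fi
    if [ -z "$bad" ]; then
        return 0
    fi
    echo "FAIL wrong group, not group-writable, or world-writable:"
    echo "$bad"
    return 1
}

# Usage, as root, with the names from this page (home path is an assumption):
#   check_ssh_dir /home/developer1 && check_site_dir /var/www/html/website1 group1
```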