We don’t allow simple FTP on our server because log ins are sent in clear text. But the VirtualMin --> My Domain --> Edit Users only allows for adding an “FTP” user… and there is no way to add a second “FTP and SSH” user to the site with his or her own unique password.
I sometimes need to give some expert access, I can certainly trust the person, and would turn off his access when his work is done. Changing the main admin SSH password and giving that to him that is a royal pain, as the rest of our team that has that password embedded in the keychain (or where ever) has to fix all the SFTP book marks… so it is better if I can give a unique discreet FTP + SSH user name and password to a new user, let him work, the revoke his privileges when he is done.
Is there a solution for this?
By default adding an FTP user, is the same thing as adding an SFTP user. That is, FTP users are “unix” users, so all you need to do, in order to disable FTP access, is merely turn off “ProFTPD”.
*** we disabled FTP access a few years ago after adopting SFTP/SCP as the means of accessing file transfer ***
We do have two “low level” sites with no certificates and I need to be able to FTP to those… so disabling ProFTPD may be a problem… but disabling FTP is not the issue… adding and SFTP enable user is the issue.
in the “Edit User” panel we have the option to "
“Add a user to this server” (on the let set of options/links) OR
" Add a website FTP access user."
it does not matter which option I use… in both cases
- no new directory is created in /home (where the other linux users are…)
- the user is added but only gets FTP access and not FTP and SSH.
I see these two users:
domainowner domainowner Development Site for Himalayan Academy Publications Unlimited 27.63 GB FTP and SSH All
newuser newuser.domainowner HisReal Name 1024 kB Unlimited FTP only No
and the server will not accept an SFTP connection from the newuser.
Perhaps I have to add that from the terminal as root?
But I don’t know how to limit the user to a particular directory…
I looked up adding and SFTP user in RedHat, but it’s a bit of a black art requiring me to touch the sftpvd.conf file and create some chroot list etc. which are a bit above my pay grade …
I’m a believer in “If you don’t understand it, don’t do it!”
So… hoping we can manage this from inside the VirtualMin GUI.
The “Add a website FTP access user” user wouldn’t actually work for SSH… that sort of user is indeed FTP only. (as the shell is set to “/bin/false)”.
However, if you use the “Add a user to this server” option, and you set the login permissions to Email, FTP, and SSH (which should be the default) – that user will be given the “sh” or “bash” shell, and will then be able to login via SFTP and SSH.
What shell is the
newuser being assigned?
I think we may be talking two different things here. SFTP, is “file transfer over SSH”…
When a linux user is created, they are generally by default granted SSH/SFTP access, unless specifically setup differently.
*** SFTP operates over port 22, and you need a client program which is setup to connect over SFTP. Thankfully most FTP clients have been equipped with SFTP capability for a number of years. The client we recommend is FileZIlla as it’s cross platform compatible (Mac, PC, Linux) ***
“Add a user to this server” does not offer the option for
Email, FTP, and SSH
Email and FTP
And to spice things up: when I added the user to the server and set the directory for him to “automatic”
VirtualMin moved the entire content of public_html folder into
/home/devdomain/homes/newuser/[all public_html content here! Yikes, site off line!]
Virtual min in effect did this (my guess)
mv /home/devdomain/public_html/* home/devdomain/homes/newuser/*
I suddenly got calls from my team “our site just disappeared!” hehe… fortunately it is a devserver and I retraced all my actions history in root showed no mv or rm activity so i looked into /devdomain/ found the content, moved it back out and rename “newuser” to “public_html” and the site was up again whew!
So, there is some serious bug there…
and back to the point: no option to grant “new user” any ftp-over-ssh privileges.
@Peter, yes, I think we are all on the same page. The problem is that VirtualMin’s “Add user to this server” is not working as advertised…and in fact is just added a FTP user we are not getting a new linux user with the default SSH/SFTP access.
Can i add screen shots here? OK I added an attachment image of the options available for permission after clicking “Add user to this server”
Very odd, when we click on
Add a user to this server. we’re presented with
Email only, Email and FTP, or Email and SCP, while if we click on
Add a website FTP access user. we’re presented with
FTP only, or SCP only as outlined in my two attachments.
Are you sure the proper shells are available, and/or that they are properly configured under
Virtualmin > System Customization > Custom Shells. We use the default setup when installing Virtualmin. Also which version are you running?
@Peter: Well my assumption (perhaps wrong) would be that if the main domain owner/name, which is by default the name of the home folder with all the domain content… in this case “devhap” … if that user has FTP and SSH access… on assumes the proper shells are available. But I will look at the Custom Shells options. But would rather here back first from VirtualMin team on why I don’t see what you see.
Could you take a snapshot of your
Custom Shells page and post here?
This may shed light on what could be causing the problem, which would help both the Virtualmin team, and me to help diagnose the problem.
*** I’ve been an active part of the Virtualmin community (forums) since 2009, have been using the product since it was first developed, and prior to that Webmin for nearly 10 years. Eric, Jamie, and Joe (the Virtualmin team) can clarify that I’m pretty well versed with the programs, as are a number of other community members. ***
Peter: Custom Shells screen shot attached. They are set as per VirtualMin Defaults. I’m not familiar enough with these to know what to turn on to allow additional users “FTP and SSH”
and, as requested: the version: VirtualMin 3.97 (CentOS Linux 6.3)
Try this, switch to
Custom shells below … then place a check mark in the first column to
Enable row 7 with the
Path to shell reading
This will enable SCP (SFTP) access to users you delegate that permission.
Test it out, and if it gives you the desired results, then you’re in business, if not you can always revert back the defaults.
*** In my Virtualmin installation, the shell mentioned above is setup by default. I think each linux distribution may be different though ***
OK, done… but it does not appear as a permission option in the virtual server “Edit Users” permissions for a new user. Do I need to stop and start VirtualMin to pick up the new setting?
Try clicking on
Add a website FTP access user and see if the permission shows up.
If not, I’d be happy to take a peak over a brief screen sharing session to help diagnose what’s going on.
I’m available on Skype with the username
I stopped and restarted webmin after checking the custom shell you suggest, but still that permission does not appear as available.
I’ll wait for the VirtualMin Team to chime in first… I have to get some real work done here! Thanks for the offer though.