
Creating additional FTP/SFTP users

  • Applies to: (dv) 3.5, (dv) 4.0, DV, Grid

  • Difficulty: Easy

  • Time needed: 10 minutes

  • Tools needed: AccountCenter access or Plesk administrator access, SSH

 
  • Applies to: Grid
    • Difficulty: Easy
    • Time Needed: 10
    • Tools Required: AccountCenter access
  • Applies to: DV
    • Difficulty: Easy
    • Time Needed: 10
    • Tools Required: Plesk administrator access or root access, SSH, vi knowledge
  • Applies to: DV 4.0
    • Difficulty: Easy
    • Time Needed: 10
    • Tools Required: Plesk administrator access or root access, SSH, vi knowledge

Overview

You can add FTP users to your server. You have the ability to grant custom access to each user.

These users can also have SSH and SFTP access, but only to their own home folders.

FTP users are created by enabling FTP access for an email account. This can be done for an existing email account or a new email account. It is possible to route all email for that address to the trash if you don't want the FTP user to receive email.

Instructions

  1. Sign into the AccountCenter.
  2. Click on your primary domain.
  3. Click on the Email Users tool.


  4. Either click on Add new user or click on edit next to an existing email address to which you want to add FTP access.


  5. If you are adding a new user, fill out the information as explained here: Creating a POP/IMAP email account.
  6. Select the option to Enable Sub-FTP access.


  7. A new set of options will open up. Here you can choose the following:


    • /users/username%s - This option grants the most restricted FTP access, limited to the user's home folder. This is useful if someone just needs a personal storage location. This option also grants access to the email files for that user, which are stored in a folder called Maildir. Be careful about changing files in the Maildir folder.
    • /domains/ - This option grants access to all of your domains.
    • /domains/ with dropdown - This option grants access to a specific domain, chosen from the dropdown menu.
    • custom - You can grant access to any existing folder on the server with this option. It can be very permissive (example: / grants the same access as the main user) or very restrictive (example: /domains/example.com/html/subfolder/ grants access to a limited folder).
      • If you get the error: "The directory that you have set for your FTP user does not exist", this means you need to add the folder first. You can do this with the main FTP user, or through the File Manager.
      • This is the only option that "chroots" the FTP user - that is, it hides all higher folders from them. If you desire this feature, you can type in /domains/ or /domains/example.com/ and it will work the same as options 2 and 3. Otherwise, the FTP user will be able to see other folders although s/he won't be able to affect them in any way.
  8. Decide whether you also want to grant SSH/SFTP access. SSH is command line access. SFTP is Secure FTP. Both of these options work for ONLY the user's home directory. The main user, serveradmin, is the only SSH/SFTP user available for general server use. If you do want to grant access, select the Grant SSH access option.

    Here's how your user will connect to your Grid via SSH:

    • Username: username@example.com (substitute the email address)
    • Password: email password (see How can I change email passwords? to change it).
    • SSH login syntax (Terminal on Mac):
      • (Note that the username uses % rather than @. @ is used right before the server name, which can be your domain or your access domain.)
    ssh username%example.com@example.com

    For more information, please see: Connecting via SSH to your server.

  9. Click save at the bottom.

That's it! You should be able to log into the server with this user with any standard FTP program. See Using FTP and SFTP for further assistance.

Disable email

Add an email alias for this user, and select the option to have it forward to the (trashcan/blackhole). This will stop incoming email, but email can still be sent from this address.

FTP user limit

You can create up to 1000 FTP users on the Grid - this is the same as the email user limit, since an email user is a prerequisite for an FTP user.

Overview

Plesk 11 allows you to enable SSH for the main FTP user for each domain. The first section explains how to do this. The second section shows you how to create additional SSH users for any subfolder under a particular domain, or a high-level SSH user.

Instructions

Add a new user (Plesk method)

TIP:

These screenshots are for DV 4.0 and Plesk 11. If you are on DV 4.0 and are running Plesk 10.x, please see this article for upgrade information: How do I upgrade Plesk?

  1. Log into the Plesk Control Panel for your domain.


    The Plesk Control Panel.

  2. From the Home page, click on Websites & Domains. See Figure 2:


    Click on Websites & Domains.

  3. Next, click on FTP Access. See Figure 3.


    Click on FTP Access to view your current FTP users.

  4. To add a new user, click on Create Additional FTP Account. See Figure 4:


    Click Create Additional FTP Account.

  5. Enter a username, custom home directory, and password. Then click OK.


    • FTP account name: This is the FTP username.
    • Home directory: Click on the folder to navigate to the desired directory, or leave it with just / to grant access to all domains in that subscription.
    • Password: This will be your FTP password. Please choose a strong password.
  6. You're done setting up your new user! Your FTP username and password will now work.

Edit an existing user

Follow steps 1-3 above to get to your list of FTP users. To edit the details for an existing user, click the user's name to edit.


Your current list of FTP users.

Enable SFTP

To enable SFTP, you'll have to enable SSH access for the primary FTP user for this subscription. SFTP is available only for the primary user.

  1. Click on your FTP user as shown above.
  2. Next, select /bin/bash (chrooted) from the dropdown menu (unless you want a different kind of SSH access).
  3. Finally, click OK.


If the SSH option is grayed out, complete one of the following.

  • Log into Plesk with your admin user and then warp to the Control Panel, where you will now be able to edit this setting.
  • Enable the option for a customer to set SSH access for a user within the subscription settings for that domain (see Create your subscription to access your settings - click on the subscription, then go to Customize, then Permissions).

TIP:

Your primary FTP user also allows you to view your IP address and your current SSL Certificate. You can also set a disk space limit for the subscription.

  • Your IP address is a great way to access your server if your domain doesn't point here yet.
  • For more details on using this tool to create an SSH user, see the section below: Command-line method to add a new user.

Command-line method to add a new user

You can create a Linux user with fully customized access to your server via command line.

In the first example, you will create an additional user on your server with SSH and FTP access. This user will have access to a subfolder in one of your domains. The main point of this is to create a sub-SSH user. If you just need an FTP user, just follow the above instructions.

In the second example, you will make an SSH user with higher-level access. It is not recommended to make an FTP user with a higher level of access, because then you will run into permissions issues with uploaded files.

CAUTION:

This article shows you how to modify high-level configuration files on your server. Please consider making a backup of your DV server before making the changes shown in this article, or at least back up your /etc/passwd file. (mt) Media Temple does not support modifying your default server configuration.

Instructions for FTP/SSH user

  1. Log into your server via SSH or FTP as the main FTP/domain user. In this example, the main domain user will be called "alpha."
  2. Create the desired home directory for your new FTP user. In this example, the directory for the new user will be example.com/httpdocs/beta_directory.
  3. Log into your server via SSH as the root user.
  4. Check your /etc/passwd file for the user ID (UID) of your main domain user. alpha is used as an example.
    
    egrep "alpha" /etc/passwd
    
    

    This will return a line like this.

    
    alpha:x:10001:2524::/var/www/vhosts/example.com:/bin/false
    
    

    The UID is the number after the x. We will be using this UID in the next step. In our example, the UID is 10001.

  5. Run the following command to create the new user. The new user in this example is called beta.
    
    useradd -d /var/www/vhosts/example.com/httpdocs/beta_directory/ -ou 10001 -g psacln -s /bin/bash beta
    
    

    You should see output similar to the following.

    
    useradd: warning: the home directory already exists.
    Not copying any file from skel directory into it.
    
    

    Notes on this command.

    • -d designates the home directory for the new user. It should be the directory to which you want to grant FTP access.
    • -ou combines two options: -o allows the UID for the new user to be non-unique, and -u specifies the UID. You should replace 10001 with the UID from your /etc/passwd file in Step 4.
    • -g specifies the group for the new user. psacln is correct for all DV servers with Plesk.
    • -s sets the login shell, which determines the type of SSH access. /bin/false disables SSH access. Use /bin/bash or any other desired shell if you want to grant SSH access.
  6. Set a password for your new user.
    
    passwd beta
    
    

    You will be prompted with the following.

    
    New UNIX password:
    Retype new UNIX password:
    
    

    Type in your new password twice. You will not see your cursor moving. You should get the following output.

    
    passwd: all authentication tokens updated successfully.

That's it! You can now log into FTP and SSH with your new user. When you create or upload files with this user, they will belong to the main domain user ("alpha" in the example), so you will not run into any permissions problems. This user will also be limited in access to their home directory.
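Because -ou gives beta the same UID as alpha, the system treats both names as the same file owner. The following added example (not part of the original article) lists every account that shares a UID and which of those have a login shell, so they can be reviewed later; the sample entries are constructed from the article's alpha and beta users, and gamma is a hypothetical extra account.

```sh
#!/bin/sh
# Added example: audit a passwd-format file for accounts created with a
# non-unique UID (useradd -o), as in the "beta" step above.

# Constructed sample in /etc/passwd format (gamma is hypothetical).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alpha:x:10001:2524::/var/www/vhosts/example.com:/bin/false
beta:x:10001:2524::/var/www/vhosts/example.com/httpdocs/beta_directory/:/bin/bash
gamma:x:10002:2524::/var/www/vhosts/example.net:/bin/false
EOF
}

# shared_uid_accounts [FILE|-]
# Prints "uid:name:shell:home" for every account whose UID is used more than once.
shared_uid_accounts() {
    awk -F: '
        { n[$3]++; rows[NR] = $3 ":" $1 ":" $7 ":" $6; uid[NR] = $3 }
        END { for (i = 1; i <= NR; i++) if (n[uid[i]] > 1) print rows[i] }
    ' "${1:-/etc/passwd}"
}

# shared_uid_with_shell [FILE|-]
# Of those accounts, prints the names whose shell is not false or nologin.
shared_uid_with_shell() {
    shared_uid_accounts "$1" | awk -F: '$3 !~ /(false|nologin)$/ { print $2 }'
}

# Demo on the constructed sample; pass /etc/passwd instead of "-" on a server.
sample_passwd | shared_uid_accounts -
```
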

Instructions for High-Level SSH user

This example will create an SSH user with access to the /var/www/vhosts/ directory, which is where all of your website files are kept.

  1. Log into your server as root or a sudo user via SSH.
  2. Run the following command to create a user called beta.
    
    useradd -d /var/www/vhosts/ -s /bin/bash beta

    You should see output similar to the following.

    
    useradd: warning: the home directory already exists.
    Not copying any file from skel directory into it.

    Notes on this command.

    • -d designates the home directory for the new user. It should be the directory to which you want to grant SSH access.
    • -s sets the login shell, which determines the type of SSH access. /bin/false disables SSH access. Use /bin/bash or any other desired shell if you want to grant SSH access.
  3. Set a password for your new user.
    
    passwd beta

    You will be prompted with the following.

    
    New UNIX password:
    Retype new UNIX password:
    
    

    Type in your new password twice. You will not see your cursor moving. You should get the following output.

    
    passwd: all authentication tokens updated successfully.

You will now be able to log into your server via SSH with your new username and password. You will be placed in /var/www/vhosts/ by default.

Modify User

The usermod command allows you to change basic settings for any user. It is very similar to the useradd command shown above, except that it changes settings instead of setting them for the first time. For example, you can use this command to modify the user's home directory.


    usermod -d /var/www/vhosts/example.com/httpdocs/new_directory/ beta

  • For more information on usermod, you might want to check the documentation at die.net.

Delete User

If you want to delete one of the users you have created, you can execute the following command in SSH.


    userdel olduser

You should replace olduser with the name of the user you want to delete. If you want to also remove that user's home directory and all its contents, execute this command.


    userdel -r olduser

CAUTION:

Do not use this to remove users that you (or another human) did not create. If you accidentally delete a system user, your server will not work properly and you may need to revert to default.

  • Some basic information on userdel from die.net.
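
The caution above can be turned into a check that runs before userdel -r. This added example (not part of the original article) flags system accounts and accounts whose home directory contains another user's home, as with the high-level beta user in /var/www/vhosts/; the MIN_UID default of 1000 and the sample entries are assumptions.

```sh
#!/bin/sh
# Added example (not from the article): checks to run before "userdel -r NAME".
# MIN_UID=1000 is an assumption; use the UID_MIN value from /etc/login.defs.

# Constructed sample in /etc/passwd format, modelled on the article's users.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alpha:x:10001:2524::/var/www/vhosts/example.com:/bin/false
beta:x:10002:10002::/var/www/vhosts/:/bin/bash
olduser:x:10003:10003::/home/olduser:/bin/bash
EOF
}

# userdel_precheck NAME [PASSWD_FILE|-]
# Prints one line per problem; returns 0 only when none is found.
userdel_precheck() {
    name=$1
    data=$(cat "${2:-/etc/passwd}")
    entry=$(printf '%s\n' "$data" | awk -F: -v n="$name" '$1 == n')
    if [ -z "$entry" ]; then
        echo "no such user: $name"
        return 2
    fi
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    home=${home%/}
    rc=0
    # Accounts below MIN_UID were created by the OS or a package.
    if [ "$uid" -lt "${MIN_UID:-1000}" ]; then
        echo "UID $uid is a system account"
        rc=1
    fi
    # Accounts whose home is this home, or lies inside it, lose their
    # files when the home directory is removed with -r.
    inside=$(printf '%s\n' "$data" | awk -F: -v n="$name" -v h="$home" '
        { x = $6; sub(/\/$/, "", x) }
        $1 != n && (x == h || index(x, h "/") == 1) { print $1 }' | tr '\n' ' ')
    if [ -n "$inside" ]; then
        echo "home $home/ also holds: $inside"
        rc=1
    fi
    return "$rc"
}

# Demo on the constructed sample: beta's home contains alpha's site.
sample_passwd | userdel_precheck beta - || true
```

On a server, run userdel_precheck olduser with no second argument to read /etc/passwd, and proceed with userdel only when it prints nothing.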
 
