User management

Hi there,

Can you guys recommend any best practices for managing users access to a virtual server and sub servers?

Here's the scenario:

We have about 10 users we want to have ftp/ssh access to a virtual server and all the sub servers under it. (We're creating a digital archival system of sites we've created, would like all devs to be able to access all of them)

  • Is it possible to have virtual sub servers automatically inherit users/permissions assigned to the top level server? If so, how?

  • When creating a sub server, I don't see anywhere to define user access. Is that by design?

  • When I do create a user for each sub server, it creates a diff username. Is there a way to use the same usernames across the board?

Any help would be appreciated!!



Howdy -- when you create a user for a top-level Virtual Server, it by default would have rights to the Sub-Servers within that account.

The usual way to make a user that can edit files for all the domains within an account would be to create a Website Access FTP User for the top-level Virtual Server, and then that user could browse into the other Sub-Servers to make changes if they want/need to.

Would that do what you're after?

I tried that and here's what I found. When you login via FTP, it takes you to /home/toplevelserver/public_html

all the sub level servers are located at: /home/toplevelserver/domains

I don't think I can browse back up a directory. I did however, find that you can connect directly to the sublevel server, which would work.

Now, when I create the default user for the top level directory, it gives that user Email, FTP and SSH access. How can I do the same for the rest of the users? Would like to give them all SSH access as well, and I can't seem to find an option to give them SSH access.

By default, FTP users would actually be able to go up a directory, and then browse into the "domains" dir in order to get access to your other domains there.

If that functionality has been disabled on your server though, we can go over other ways to handle that.

okay, what about giving them ssh access like the default user?

What you may want to try is to create a website access FTP user, but once you do that, manually edit their account and change the shell from "/bin/false" to "/bin/bash".

I'm not sure sure why SSH isn't an option in that particular case, but granting that access should be a simple matter of updating the shell that they're using.