Multiple shell+ftp users under 1 cpanel account

If the staff members only need FTP access, what you can do is create additional FTP accounts via the cPanel interface and grant them permissions to the directory to which they should have read/write permissions.

In the cPanel Interface (X3 theme) go to the "Files" feature block and click on "FTP Accounts" and you will immediately be brought to a page where you can create or modify FTP accounts. You also have links to one-click configuration for some of the more popular FTP applications for each account.

 

Keep in mind that unlike cPanel users, FTP users (with exception of the "main" user for the account) are not system users. Note, a user does not need SSH access to use SFTP.

However, the only way I can readily think of to grant SSH access to those users is to do so manually. Even then, I'd only grant jailed shell access at the extreme most. In all my years as a web designer though, I've never needed nor granted SSH access to a third party individual on a cPanel account.

Any particular reason for granting SSH access? Just want to make sure there aren't better options available before creating a potential security issue.

 

Ah, okay. Just making sure it wasn't something like "to unzip files" or something

Creating SSH accounts limited to a specific directory is outside my range of expertise, but I'm sure someone else here may be able to help you out

I know there was a post about creating a new SSH account, but it didn't make any mention of limiting the account to a specific path:

http://forums.cpanel.net/showthread.php?t=69517

 

Looking at the man page for it, it appears you can: http://linux.die.net/man/8/useradd

I'd definitely make note of their usernames so you don't run into any issues with conflicting usernames at a later time.

 

A question about this...

In cPanel 11, under FTP User Manager module - there is an option for each and every additional FTP user where we can configure SFTP access for that user...

Does this mean since only main cPanel account owner can log in via SFTP (since it uses Shell in the background) - that all this extra settings and stuff cPanel generates are erroneously put there?

I have a user who would like to have his FTP sub-accounts connect to the server via SFTP... Is such possible without manual user creation by the root?

 

And peconi's user would be... me! For a little more background:

I want to set up secure file storage for multiple users. I have configured multiple Web Disks for the users and this works OK. But I also want to allow SFTP access to these locations, ideally with public key credential login. Obviously, the users must not see each other's files.

I understand that the files will only be secure in transfer and will not be stored encrypted on the site. This is something I desire but imagine that I'll have to write a module to handle this myself. Eventually I'll probably use a dedicated appliance like Accellion offers, once it fits into the budget.

Thanks!

 

Why not use FTP over SSL as that is supported for all FTP accounts on the system? SSL is the same thing that encrypts HTTP traffic for e-commerce websites. Cyberduck for Mac OS X supports this as does FileZilla on Windows.