Multiple shell+ftp users under 1 cpanel account

[Alfarin]

I need to allow several staff members to manage my site using various different tools. As a result of that, the best way I can see about doing this is giving them access to a pre defined directory under my cPanel account. From WHM, I've created my main account, but I don't know how I'd come about creating the child accounts under it; does anyone have experience in this area and know how to come about doing so?

I do have root access, but I'd rather not "get down dirty" and create accounts on my own, risking messing up cPanel/WHM's controls... So if there's interface to do this, it'd be great... if not, please let me know how to do this using command line safely.

 

[cPanelDavidG]

I need to allow several staff members to manage my site using various different tools. As a result of that, the best way I can see about doing this is giving them access to a pre defined directory under my cPanel account. From WHM, I've created my main account, but I don't know how I'd come about creating the child accounts under it; does anyone have experience in this area and know how to come about doing so?

I do have root access, but I'd rather not "get down dirty" and create accounts on my own, risking messing up cPanel/WHM's controls... So if there's interface to do this, it'd be great... if not, please let me know how to do this using command line safely.

If the staff members only need FTP access, what you can do is create additional FTP accounts via the cPanel interface and grant them permissions to the directory to which they should have read/write permissions.

In the cPanel Interface (X3 theme) go to the "Files" feature block and click on "FTP Accounts" and you will immediately be brought to a page where you can create or modify FTP accounts. You also have links to one-click configuration for some of the more popular FTP applications for each account.

 

[Alfarin]

If the staff members only need FTP access, what you can do is create additional FTP accounts via the cPanel interface and grant them permissions to the directory to which they should have read/write permissions. .

Thanks for that; what if they also need SSH? Would I need to create an account matching their username manually? Is there a way to keep the additional FTP account in sync with their SSH?

 

[cPanelDavidG]

Thanks for that; what if they also need SSH? Would I need to create an account matching their username manually? Is there a way to keep the additional FTP account in sync with their SSH?

Keep in mind that unlike cPanel users, FTP users (with exception of the "main" user for the account) are not system users. Note, a user does not need SSH access to use SFTP.

However, the only way I can readily think of to grant SSH access to those users is to do so manually. Even then, I'd only grant jailed shell access at the extreme most. In all my years as a web designer though, I've never needed nor granted SSH access to a third party individual on a cPanel account.

Any particular reason for granting SSH access? Just want to make sure there aren't better options available before creating a potential security issue.

 

[Alfarin]

We're a virtual firm with staff spread out across different timezones, working on a media publishing site, and often need to fetch files from partner's servers via a proprietary secure delivery platform. These media files often range from 50mb to 200mb, so it'd be quite troublesom for my staff to have to download it from their residential connection, and then upload it again via FTP. For that reason, I've compiled the client on the server and was hoping that they can access the account via SSH, and directly load the media to the publishing server. I've worked with them for quite some time now, so I trust them to give them SSH accounts, but I'd rather not give them my password for the main account

 

[cPanelDavidG]

We're a virtual firm with staff spread out across different timezones, working on a media publishing site, and often need to fetch files from partner's servers via a proprietary secure delivery platform. These media files often range from 50mb to 200mb, so it'd be quite troublesom for my staff to have to download it from their residential connection, and then upload it again via FTP. For that reason, I've compiled the client on the server and was hoping that they can access the account via SSH, and directly load the media to the publishing server. I've worked with them for quite some time now, so I trust them to give them SSH accounts, but I'd rather not give them my password for the main account

Ah, okay. Just making sure it wasn't something like "to unzip files" or something

Creating SSH accounts limited to a specific directory is outside my range of expertise, but I'm sure someone else here may be able to help you out

I know there was a post about creating a new SSH account, but it didn't make any mention of limiting the account to a specific path:

http://forums.cpanel.net/showthread.php?t=69517

 

[Alfarin]

hehe, yes, cPanel's interface can unzip files via file manager if I recall correctly, and I'd imagine it wouldn't be hard to code a little php snipplet to exec unzip command

If I were to use the useradd command to create new users, I should make a note of it so that I don't get conflicting username issues later should I try to create full cPanel accounts, right? Can I set their home directory as a directory under my webroot so they don't need to cd to it every time?

Thanks a bundle for all your help.

 

[cPanelDavidG]

hehe, yes, cPanel's interface can unzip files via file manager if I recall correctly, and I'd imagine it wouldn't be hard to code a little php snipplet to exec unzip command

If I were to use the useradd command to create new users, I should make a note of it so that I don't get conflicting username issues later should I try to create full cPanel accounts, right? Can I set their home directory as a directory under my webroot so they don't need to cd to it every time?

Thanks a bundle for all your help.

Looking at the man page for it, it appears you can: http://linux.die.net/man/8/useradd

I'd definitely make note of their usernames so you don't run into any issues with conflicting usernames at a later time.

 

[Alfarin]

Okay, I think I'll be having a field day today, doing a few test accounts first before I start with the real thing Thanks a lot for all your help!

 

[peconi]

A question about this...

In cPanel 11, under FTP User Manager module - there is an option for each and every additional FTP user where we can configure SFTP access for that user...

Does this mean since only main cPanel account owner can log in via SFTP (since it uses Shell in the background) - that all this extra settings and stuff cPanel generates are erroneously put there?

I have a user who would like to have his FTP sub-accounts connect to the server via SFTP... Is such possible without manual user creation by the root?

 

[cod3monk3y]

And peconi's user would be... me! For a little more background:

I want to set up secure file storage for multiple users. I have configured multiple Web Disks for the users and this works OK. But I also want to allow SFTP access to these locations, ideally with public key credential login. Obviously, the users must not see each other's files.

I understand that the files will only be secure in transfer and will not be stored encrypted on the site. This is something I desire but imagine that I'll have to write a module to handle this myself. Eventually I'll probably use a dedicated appliance like Accellion offers, once it fits into the budget.

Thanks!

 

[cPanelDavidG]

And peconi's user would be... me! For a little more background:

I want to set up secure file storage for multiple users. I have configured multiple Web Disks for the users and this works OK. But I also want to allow SFTP access to these locations, ideally with public key credential login. Obviously, the users must not see each other's files.

I understand that the files will only be secure in transfer and will not be stored encrypted on the site. This is something I desire but imagine that I'll have to write a module to handle this myself. Eventually I'll probably use a dedicated appliance like Accellion offers, once it fits into the budget.

Thanks!

Why not use FTP over SSL as that is supported for all FTP accounts on the system? SSL is the same thing that encrypts HTTP traffic for e-commerce websites. Cyberduck for Mac OS X supports this as does FileZilla on Windows.