Table of Contents
Adding a SSH user is performed via SSH. Log into your
acc server and switch user to root
su -l root /microcloud/scripts_ro/create_ssh_user.sh -h
There are a number of options that can be supplied to create a SSH user
create_ssh_user.sh Usage: create_ssh_user.sh [-r] [username] username Username (eg. media_user) -r Remove user -w Do not share ID with www-data
-w feature is a powerful flag that dictates how the new user account will behave. For the simple purpose of adding new users, where per-user security is not of paramount concern (ie. the individual SSH accounts exist solely to provide individual environments), users should be created without the
If security is not the reason for a new account then the
-w flag should be omitted. This will create a new user with the same ID as
www-data. It will ensure a consistent problem-free file/directory ownership whilst giving independence to users.
If security is the reason for a new account then the
-w flag should be provided. This will create a new user with a different ID to that of the
www-data user. The user will still belong to the
www-data group, and through the native use of a sticky group bit, new files/directories created in any document root will still posses that of the
www-data group (thus reducing the potential for file/directory permission issues). This option is recommended for advanced users only that fully understand the impact it will have on file permissions and management.
To create a user with access to all domain groups/vhosts.
To create a user called
To remove a user called
/microcloud/scripts_ro/create_ssh_user.sh -r example
! SSH users can be added using conventional tools such as
useradd, but in order to preserve the correct permissions on MageStack, inexperienced users are recommended to use the script provided.
To create a user with access to a specific domain-group only
To create a user where the name matches that of the domain group
Eg. For the domain group
/etc/ssh/sshd_config and append the following to the end of the file,
Match User example #example# ChrootDirectory /microcloud/domains/example/ #example# AllowTCPForwarding no #example# X11Forwarding no #example#
Then reload SSH,
To remove the user
/microcloud/scripts_ro/create_ssh_user.sh -r example sed -i '/#example#/d' /etc/ssh/sshd_config /etc/init.d/ssh reload