SSH/SFTP user privileges


Last updated February 10th, 2016

When logging in over SSH, the user is placed inside a container with an image of its own. This means that any changes made outside of your home directory will not persist. However, everything stored in your home directory will remain.

SSH authorized keys will currently not work as expected, because the home directory differs from the login directory. SSH key-based authentication will be available in a future release.

Single vs. Multiple Containers

The number of commands available will vary slightly depending on whether your SSH user has access to a single container or multiple containers.

When the SSH user has no containers attached:

  • This uses a base image with basic Linux commands.

When the SSH user is attached to a single container:

  • The image used is the same as the container image, giving you access to the version of software (PHP, Redis, etc.) that the container is running.

When the SSH user is attached to more than one container:

  • The image used is the base image again.

The table below shows an example set of commands available to a user attached to a single Redis 3 container vs. a user attached to multiple containers:

Command Single Container Multiple Containers
Standard commands (cd, ls, chown, chmod, git, etc.)
redis-benchmark
redis-check-aof
redis-check-dump
redis-cli
redis-sentinel
redis-server

Using your own binaries

Each SSH user is provided with a special directory for storing their own binaries, which makes them available anywhere without having to specify the full path.

To use it, download or upload your binary (or script) into the "bin" directory of your home directory.

Here is an example of how to download composer and use it to install SilverStripe on an Apache + PHP 5.6 container:

  1. Connect to your server via SSH, using a user you have previously created.

  2. Download composer and install it into your "bin" directory:

    cd ~

    curl -sS https://getcomposer.org/installer | php -- --install-dir=./bin --filename=composer

  3. Navigate to the "public" directory and start the install:

    Note: SilverStripe requires an empty directory so make sure it is empty first.

    cd ~/containers/example.com/application/public

    composer create-project --no-dev silverstripe/installer . 3.0.3

  4. Open a web browser, navigate to your website and follow the SilverStripe installation procedure.
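The command in step 2 pipes the installer from the network straight into php, so nothing checks what is executed. The following is an added example, not part of the original article: it saves the installer to a file and compares its SHA-384 digest with the value the Composer project publishes at https://composer.github.io/installer.sig before running it. The function names and the composer-setup.php filename are assumptions made for this example.

```shell
# Added example: verify a downloaded installer before executing it.
# Function names and composer-setup.php are assumptions for this example.

sha384_of() {
    # Print the lowercase hex SHA-384 digest of a file.
    if command -v sha384sum >/dev/null 2>&1; then
        sha384sum "$1" | awk '{print $1}'
    else
        shasum -a 384 "$1" | awk '{print $1}'
    fi
}

verify_installer() {
    # Usage: verify_installer FILE EXPECTED_SHA384
    # Returns 0 on match, 1 on mismatch, 2 on unusable input.
    file=$1
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # A SHA-384 digest is exactly 96 hex characters. Reject anything else,
    # for example an HTML error page returned in place of the digest.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 96 ] || { echo "expected digest has wrong length" >&2; return 2; }
    actual=$(sha384_of "$file") || return 2
    [ "$actual" = "$expected" ] && return 0
    echo "checksum mismatch for $file" >&2
    return 1
}

# Replacement for step 2 (network steps are commented out so that the
# block itself runs offline):
#   cd ~
#   curl -sS -o composer-setup.php https://getcomposer.org/installer
#   expected=$(curl -sS https://composer.github.io/installer.sig)
#   verify_installer composer-setup.php "$expected" \
#       && php composer-setup.php --install-dir=./bin --filename=composer
#   rm -f composer-setup.php
```

Because `&&` only runs php when the digests match, a tampered or truncated download leaves "bin" untouched.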

Readonly Configuration Files

You may wish to mark the configuration files for your container as read-only to prevent certain SSH users from modifying important settings. This can be set on any SSH user by following the steps below:

  1. Navigate to the 'Containers' module and click the 'SSH & SFTP' button in the upper navigation bar:


  2. Select the user in the list that you wish to modify:


  3. Toggle on the 'Read Only Config' option for the user and click the 'Save Changes' button:

