SSH/SFTP user privileges
When logging into a SSH the user is placed inside a container with an image of its own. This means that any changes outside of your home directory will not be persistent. However, everything stored in your home directory will remain.
SSH authorized keys will currently not work as expected, because the home directory differs from the login directory. SSH key based authentication will be available in a future release.
Single vs. Multiple Containers
The number of commands available will vary slightly depending on whether your SSH user has access to a single container or multiple containers.
When the SSH user has no containers attached:
- This uses a base image with basic Linux commands.
When the SSH user is attached to a single container:
- The image used is the same as the container image, giving you access to the version of software (PHP, Redis, etc.) that the container is running.
When the SSH user is attached to more than one container:
- The image used is the base image again.
The table below shows an example set of commands available to a user attached to a single Redis 3 container vs. a user attached to multiple containers:
|Command||Single Container||Multiple Containers|
|Standard commands (cd, ls, chown, chmod, git, etc.)||✔||✔|
Using your own binaries
Each SSH user has been provided with a special directory to store your own binaries making them available anywhere without having to specify the full path.
To do so you need to download/upload your binary (or script) inside the "bin" directory of your home directory.
Here is an example on how to download composer and use it to install SilverStripe on an Apache + PHP 5.6 container:
Connect to your server via SSH, using a user you have previously created.
Download composer and install it into your "bin" directory:
curl -sS https://getcomposer.org/installer | php -- --install-dir=./bin --filename=composer
Navigate to the "public" directory and start the install:
Note: SilverStripe requires an empty directory so make sure it is empty first.
composer create-project --no-dev silverstripe/installer . 3.0.3
Open a web browser, navigate to your website and follow the SilverStripe installation procedure.
Readonly Configuration Files
There may be a situation where you wish to mark configuration files for your container as readonly to prevent certain SSH users from modifying important settings. This can be easily achieved on any SSH user by following the simple steps below:
Navigate to the 'Containers' module and click the 'SSH & SFTP' button in the upper navigation bar:
Select the user in the list that you wish to modify:
Toggle on the 'Read Only Config' option for the user and click the 'Save Changes' button: