Create SSH/SFTP Users in ServerPilot Free Plan

If you are using the free plan of ServerPilot but need additional SFTP and SSH user accounts, then here are the steps to create a new account. The created users will have write permissions to certain directories only (specified by you) so this is a good way to go if you want to host multiple users’ websites in a single server managed through ServerPilot’s free plan. Here are the steps:

Sign into your server as root via SSH and execute this command:

useradd -d /srv/users/serverpilot/apps/appname/ -G serverpilot -M username

The above command will create a new user, will set the specified home directory for the user and will add the user to serverpilot group.

Next, adjust the permissions on the specified directory for your newly created user like this:

chown -vR :serverpilot /srv/users/serverpilot/apps/appname/ | chmod -vR g+w /srv/users/serverpilot/apps/appname/

Now lastly, set a password for the user.

passwd username

Set and confirm the password and that’s it. Now you will have a new user with restricted write access to the specified path only. Don’t forget to use your real app’s name and the username in place of the highlighted values. Do you have any questions or suggestions? Leave a comment below.

Rehmat

A web developer, server administrator and a blogger from Gilgit-Baltistan, Pakistan.

16 Comments

You can post comments in this post.


  • Rehmat, all I can say is that your articles are some of the best I have read on the internet. They are short and to the point and most importantly solve real world scenarios with servers etc. Thank you, thank you thank you. Keep up the great work!

    Andrew 2 months ago Reply


    • Thank you so much, Andrew, for your kind words. Glad to know that you like my articles 🙂

      Rehmat 2 months ago Reply


  • Quick question, when I do the above the ftp opens into the root of the server. I want it to have access to the specific app? Am I missing something?

    Andrew 2 months ago Reply


    • In the first command, did you provide a valid path for the home directory?
      useradd -d /srv/users/serverpilot/apps/appname/

      Or you can modify the user’s home directory now by executing this command:
      usermod -d /srv/users/serverpilot/apps/appname/ username

      Rehmat 2 months ago Reply


      • Ok, I realise I am not explaining myself correctly. The new created user has access to all the websites. I just want the new user to have access to a single domain/app. This is so I can offer the client access without risking the other sites.

        Is that more clear?

        Thanks for your help.

        Andrew 2 months ago Reply


        • Got it! Although the user may list the other directories he will not be able to make changes to the directories except the one that you have given him access to. Try creating or modifying a file in any other directory and you will see that the permission will be denied. I’ll have a look into this and will update the article in case you want to prevent the listing as well. I hope this helps.

          Rehmat 2 months ago Reply


          • Thanks Rehmat, yeah I kinda don’t want the users to be able to see who else has sites on the server.

            I would appreciate it. I will look into it and see if I can work it out.

            Cheers

            Andrew 2 months ago


          • Got it, that’s a solid reason. I’ll check this today and will let you know.

            Rehmat 2 months ago


  • Howdy Rehmat,

    I have done some further testing. While this account does not allow you to add or change anything in other folders, it does allow you to download the contents of the sites.

    Would this work better if we create a new group for the particular user. I realise this means we will have a new group for every user but it could safe guard downloading of other data?

    Let me know your thoughts.
    Cheers
    Andrew

    Andrew 2 months ago Reply


    • Hi Andrew,
      I also found the same when I tested. With the same serverpilot group, it isn’t possible to set a restricted directory for the user. To use chroot, we will have to use specific groups and if it isn’t an issue for you to use a specific group for each user, then the desired results can be achieved.

      Rehmat 2 months ago Reply


      • Yes I am going to use a specific group. Am working on it at the moment. My Linux knowledge is limited so I am learning as I go along. Thanks for all your help on this.

        Andrew 2 months ago Reply


        • That’s great Andrew. I’m too busy in some work from last several days that’s why I’m unable to work on this. If you achieve the results, please consider sharing here, otherwise, I’ll try to work on it this weekend.

          Rehmat 2 months ago Reply


  • Dear Rehmat,
    The article is great, but I go to serverpilot’s tutorial, and it has: https://serverpilot.io/community/articles/system-user-guide.html.
    The home directory of each system user created by ServerPilot is at /srv/users/USERNAME. Hopefully, You can find out how to do soon.
    Thank you again for the great article.

    Hai Pham 2 months ago Reply


    • Thanks Hai, for raising this question. The guide explains the directory structure in paid plans where you can create unlimited SSH/SFTP users but here we are trying to create users in the free plan of ServerPilot. I will go through the guide and will see if we can follow a similar approach. Currently, I’m badly busy doing some projects that’s why unable to review this. Will update this thread once I test this and finds a way out.

      Rehmat 2 months ago Reply


  • Rehmat bhai,

    Your articles are really nice and helpful. I too have the similar problem, the user is able to see all the files in other folders even thought they do not have permissions to write, still the users can open the files and check my database connections from other apps, that’s a problem, if you can put up some tutorial just like this would be great when time permits. We just do not want users to access anything but only their folder.

    Thanks again for your valuable tutorials.

    Regards
    Ram

    Ram 1 month ago Reply


    • Hello Ram,
      To ensure that users aren’t able to view the files, we will have to use a separate group for each user like discussed in other comments on this post. I’ll try to write a tutorial as soon as I get enough time.

      Rehmat 1 month ago Reply


Post A Reply