burusftp user update

NAME

burusftp user update <username> [options] - Modifies existing user in the user database.

OPTIONS

  • --add-keys <keyfile1 | key1> <keyfile2 | key2> <...>
    • Adds public keys and sets key-auth to required when disabled before.
  • --impersonate <on | off>
    • Enables or disables file system impersonation when --win-account is set. This feature is available in Pro edition only. See User authentication for more details.
  • --key-auth <enabled | disabled | required>
    • Enables, disables or makes public key authentication mandatory. Combine with --password-auth to enforce two-factor authentication.
  • --lock [<date-time> | <interval>]
    • Locks a user - the user is not allowed to log in to the server (mutually exclusive with --unlock).
    • When date-time is specified, the user will be unlocked after the specified value. Supported date-time format is yyyy-MM-dd (e.g 2022-11-29) or "yyyy-MM-dd hh:mm:ss" (e.g 2022-11-29 15:30:45) .
    • When interval is specified, the interval is added to current date and time and the user will be unlocked after the specified value.
      • interval has to be specified as a number followed by a letter determining which date or time component should be adjusted
      • supported letters are:
        • (m)inutes
        • (h)ours
        • (d)ays
        • (M)onths
        • (y)ears
      • Combination of intervals is supported (e.g “3d 12h 45m”)
  • -p, --pwd
    • Update password (will prompt for new password) and sets password-auth to required when disabled before and password-auth-mode to local.
  • --password <password>
    • Plaintext password and sets password-auth to required when disabled before and password-auth-mode to local. Not recommended as the password will be visible when entering - use -p instead.
  • --password-auth <enabled | disabled | required>
    • Enables, disables or makes password authentication mandatory. Combine with --key-auth to enforce two-factor authentication.
  • --password-auth-mode <local | windowsNetwork | windowsInteractive>
    • Specifies password authentication scheme - see user add for more details. Windows options are available in Pro edition only.
  • --readonly
    • Read-only access (mutually exclusive with readwrite).
  • --readwrite
    • Read-write access (mutually exclusive with readonly).
  • --remove-keys <pattern1> <pattern2> <...>
    • Removes existing public keys. Possible values are (part of) SHA-256 base-64 fingerprint, algorithm (e.g. rsa) or ‘*’ for all keys.
  • --remove-pwd
    • Removes password (disables password authentication) and sets password-auth to disabled when password was in use before.
  • --remove-win-account
    • Removes Windows account associated with the user used for Windows authentication and sets password-auth to disabled when Windows authentication was in use before.
  • --set-keys <keyfile1 | key1> <keyfile2 | key2> <...>
    • Replaces existing public keys with new ones and sets key-auth to required when disabled before.
  • --shell-type (default | none | terminal | legacy)
    • Shell behavior.
    • default - Use the default shell type as specified in the global configuration
    • none - Only minimal shell will be presented (when SCP is enabled). File system traversal is restricted to virtual path settings.
    • legacy - Same as none, with support for SSH aliases
    • terminal - Real shell will be presented (cmd.exe by default). File system traversal is only restricted by Windows access permissions. Virtual path settings are ignored.
  • --shell-path <path>
    • Path to shell executable. Only applicable for terminal shell type. Use an empty value ("") to use default path as specified in the global configuration.
  • --shell-home <path>
    • Home directory. Only applicable for terminal shell type. Use an empty value ("") to use default path as specified in the global configuration.
  • --unlock
    • Unlocks a user after they were locked manually or performed too many invalid login attepmts and clears failed login count (mutually exclusive with lock).
  • --web-admin <enable | disable>
    • Allows or disallows user to access web administration tool (if installed)
  • --win-account <windows account name>
    • Windows account associated with the user used for Windows authentication, sets password-auth-mode to windowsNetwork and password-auth to required when disabled before. Also sets impersonate to on if this command sets Windows authentication as active and required. This feature is available in Pro edition only.

EXAMPLES

# Change password to 'kate' for user guybrush.
burusftp user update guybrush --password "kate"

# Replace existing public keys for user guybrush.
burusftp user update guybrush --set-keys "C:\Users\guybrush\rsa.pub"

# User guybrush is not allowed log in to the server.
burusftp user update guybrush --lock

# User guybrush is not allowed log in to the server until the specified date and time.
burusftp user update guybrush --lock "2022-01-31 08:30:00"

# User guybrush is not allowed log in to the server for next 7 days.
burusftp user update guybrush --lock 7d

# User guybrush is not allowed log in to the server for next 3 days, 12 hours and 45 minutes.
burusftp user update guybrush --lock "3d 12h 45m"

# User guybrush can log in to the server after it was locked out.
burusftp user update guybrush --unlock

SEE ALSO

user add, user list, user inspect, user delete