burusftp user add
NAME
burusftp user add <username> [options] - Add a user to the user database.
OPTIONS
--ftp (enabled | disabled | default)2.15.0+- Enables or disables FTP access. Default is
default- use the server-wide setting.
- Enables or disables FTP access. Default is
--impersonate (on | off)- Enables or disables file system impersonation (using SFTP or SCP) when
--win-accountis set. This feature is available in Pro edition only. See User authentication for more details.
- Enables or disables file system impersonation (using SFTP or SCP) when
--keys <public_key_file1 | key1> <public_key_file2 | key2> <...>- User public key files or keys. Can be used for authentication instead of a password. Also sets
key-authto required.
- User public key files or keys. Can be used for authentication instead of a password. Also sets
--key-auth (enabled | disabled | required)- Enables, disables or makes public key authentication mandatory. Combine with
--password-authto enforce two-factor authentication.
- Enables, disables or makes public key authentication mandatory. Combine with
--note <note>- Sets note about the user.
-p- Securely prompts for a password, sets
password-authto required andpassword-auth-modetolocal.
- Securely prompts for a password, sets
--password <password>- Sets the password, sets
password-authto required andpassword-auth-modetolocal.
- Sets the password, sets
--password-auth (enabled | disabled | required)- Enables, disables or makes password authentication mandatory. Combine with
--key-authto enforce two-factor authentication. This value defaults torequiredwhen--impersonate onis set.
- Enables, disables or makes password authentication mandatory. Combine with
--password-auth-mode (local | windowsNetwork | windowsInteractive)- Specifies how the password is verified - either using local storage (in conjunction with
--passwordor-p) or using Windows authentication (--win-accountalso must be set). The two Windows options specify whetherLOGON32_LOGON_NETWORK_CLEARTEXTorLOGON32_LOGON_INTERACTIVEmethod shall be used. Default islocalwhen the password is set andwindowsNetworkwhen the Windows account is set. Windows authentication options are available in Pro edition only.
- Specifies how the password is verified - either using local storage (in conjunction with
--password-hash (salt-first|password-first),<password hash hex>,<salt hex>- Specifies password hash and salt and password-salt order, sets
password-authto required andpassword-auth-modetolocal. Currently supported are SHA1, SHA2 and MD5 hashes. - Example:
--password-hash salt-first,0x1055d3e698d289f2af8663725127bd4b,0xa0392fed- MD5 hash (0x1055...), 4-byte salt (0xa0e392fed), hash computed as MD5(salt+password) (salt-first)
- Specifies password hash and salt and password-salt order, sets
--read-only- Read-only access
--root-dir- Root directory to be used for the user. Use the path command to specify more virtual path mappings.
--shell-type (none | terminal | legacy)- Shell behavior. Only applicable for SSH endpoints with Shell/SCP subsystem enabled.
none- Minimal shell restricted to the user’s path mappings with SCP will be available.legacy- Minimal shell restricted to the user’s path mappings with SCP and SSH aliases will be available.terminal- Full shell (e.g. cmd.exe, PowerShell, etc.) will be presented, not restricting the user to their path mappings.
--shell-path <path>- Path to the shell executable. Only applicable for
terminalshell type. Default:%WINDIR%\System32\cmd.exe
- Path to the shell executable. Only applicable for
--shell-home <path>- Home directory. Only applicable for
terminalshell type. Default:%WINDIR%\..
- Home directory. Only applicable for
--web-admin (enable | disable)- Allows the user to access the web administration tool (if installed)
--win-account <windows account name>- Windows account associated with the user used for Windows authentication. Also sets
password-authtorequired,password-auth-modetowindowsNetwork,impersonationtoon. This feature is available in Pro edition only.
- Windows account associated with the user used for Windows authentication. Also sets
EXAMPLES
# Add user 'guybrush' with home directory at 'C:\Users\guybrush' and password 'elaine'.
# Guybrush will use password authentication and will have access to web administration.
burusftp user add guybrush --root-dir "C:\Users\guybrush" --password "elaine" --web-admin enable
# Add user 'lechuck' with public key stored in 'C:\Users\lechuck\rsa.pub'.
# LeChuck will use public key authentication
burusftp user add lechuck --root-dir "C:\Users\lechuck" --keys "C:\Users\lechuck\rsa.pub"
# Add user 'lechuck' and with Ed25519 public key.
# LeChuck will use public key authentication.
burusftp user add lechuck --keys "ssh-ed25519 AAAAC3...wondiGXo6J"
# Add user 'elaine' using Windows account `MI\elaine` for password validation.
# This feature is available in Pro edition only.
burusftp user add elaine --root-dir "C:\Users\elaine" --win-account "MI\elaine"
SEE ALSO
path, user delete, user list, user inspect, user update
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.