How-to guidesUser management

How to manage users with Web Administration

This guide walks through creating and modifying user accounts using the Web Administration interface. For conceptual background, see Authentication and File Access & Permissions.

Prefer the command line?

The same settings can be configured with the burusftp user commands. See Manage Users (CLI).

Open the Web Administration interface

Open http://localhost:8880/ in a browser on the server. By default, the Web Admin only listens on the loopback interface — see webconfig.yaml bindings if you need to expose it to other hosts.

Click Users in the navigation menu to open the user list. All further configuration — authentication, path mappings, Web Admin access — is done on the user details page, which you open by clicking the username in the user list. After any change, click Update user to save.

Create a new user

Click Add new user, enter the Username, and click Add user to save.

Enable password authentication

In the Authentication settings section, enable Password authentication. The password is then verified in one of two modes — locally against the user database, or delegated to Windows.

Web Admin access requires a password

A user can only sign in to the Web Administration interface with a password.

Local

Select Local password (the default), then click Set password and enter a password in the dialog. Buru stores the hashed password in its user database.

Windows

Windows authentication is available in Pro edition only.

Windows authentication validates the password against a local Windows account or an Active Directory domain account, removing the need to maintain a separate password in Buru. It can also impersonate the Windows user when accessing files.

  • Select Windows (network) or Windows (interactive). See Password authentication for the difference between the two.
  • Enter the Windows account name in the Windows account field (e.g. MI\elaine for a domain account, or just elaine for a local one).
  • Tick Enable impersonation to run every file and shell operation as the Windows user (NTFS permissions then apply directly); leave it unticked to keep file operations running as the service account.

The user signs in to Buru with their Buru username and the password belonging to the linked Windows account.

Enable public key authentication

In the Authentication settings section, enable Public key authentication (SSH/SFTP only). You then have two options:

  • Add public key file — upload a .pub file from disk.
  • Add public key — paste the key string (e.g. ssh-ed25519 AAAAC3...) directly.

You can associate any number of keys with a single account. Each key can carry an optional comment so you can tell them apart later (work laptop, hardware token, …).

Click Update user to save.

SSH keys can be generated with ssh-keygen or PuTTYgen. See the burusftp user key add reference for the supported algorithms and formats.

Require both password and key (multi-factor)

To require the user to present both a password and a public key on every login, enable both Password authentication and Public key authentication in the user's Authentication settings section, then mark each as required. See Combining methods for the conceptual details.

Configure path mappings

Path mappings define what the user sees and where it actually lives on disk. See File Access for the conceptual model.

Add a path mapping

In the FTP / SFTP path mappings section, click Add path mapping. Fill in the dialog:

  • Virtual path — the directory the client sees. Pre-filled to / for the first mapping; change to /uploads, /shared, etc. for additional mappings.
  • Physical path — the actual server path (e.g. C:\Users\elaine, D:\Data\Uploads, \\dfs\shared).
  • Access rights — tick Read, Write, Delete, or All (shorthand for all three). Pick the minimum the user needs.

Click Add to confirm.

The root mapping (/) becomes the user's home directory after login. A user with no root mapping sees an empty root and can only access subdirectories that are explicitly mapped below it.

Overlay limitation

You cannot map a virtual directory over a physical subdirectory that already exists under a parent mapping — the server refuses to resolve the ambiguity.

Remove a path mapping

In the FTP / SFTP path mappings section, click the X icon next to the mapping you want to remove, then click Update user. This only revokes the user's access — the files on disk are untouched.

Grant Web Administration access

In the Miscellaneous section, tick Web administration access. Password authentication is required.

To create a Web Admin-only user — one that can administer the server but has no SFTP or SSH access — create a new user with a password, enable Web administration access, and skip all path mappings. Set the SSH shell type to none if it isn't already.

Lock or delete a user

Both actions are performed from the Users page.

Lock / unlock. Either click the padlock icon in the user's Status column, or tick the checkbox next to one or more users and click Lock / unlock at the top of the table. Both open the same dialog with an optional Lock until field that accepts a timestamp (e.g. 2024-01-31 23:59) or a duration (e.g. 2d 12h); leave it empty and click Lock indefinitely to lock until manually unlocked. Click Unlock to release a locked user. Locked users cannot sign in, but the account and its settings are preserved.

Delete. Tick the checkbox next to one or more users and click Delete at the top of the table. The Web Admin prompts for confirmation and then removes the account permanently. The user's files on disk are not affected.

See also

Overview

Previous Page

Manage users (CLI)

Next Page

On this page

Open the Web Administration interfaceCreate a new userEnable password authenticationLocalWindowsEnable public key authenticationRequire both password and key (multi-factor)Configure path mappingsAdd a path mappingRemove a path mappingGrant Web Administration accessLock or delete a userSee also