Referenceburusftp.exe

burusftp user add

Add a user to the user database. For a step-by-step guide, see Manage Users (CLI).

Synopsis

burusftp user add <username> [options]

Options

--ftp (enabled | disabled | default)

2.15.0+ Enable or disable FTP access. default uses the server-wide setting.

Default: default.
--impersonate (on | off)

PRO Enable or disable file system impersonation when --win-account is set. See Authentication for details.

--key-auth (enabled | disabled | required)

Enable, disable, or require public key authentication. Combine with --password-auth for two-factor authentication.

--keys <keyfile | key> [...]

One or more public key files or key strings for authentication. Also sets key-auth to required.

--note <note>

Set a note about the user.

-p

Securely prompt for a password. Also sets password-auth to required and password-auth-mode to local.

--password <password>

Set password. Also sets password-auth to required and password-auth-mode to local.

--password-auth (enabled | disabled | required)

Enable, disable, or require password authentication. Combine with --key-auth for two-factor authentication. Defaults to required when --impersonate on is set.

--password-auth-mode (local | windowsNetwork | windowsInteractive)

PRO How the password is verified. local uses the built-in user database; windowsNetwork and windowsInteractive delegate to Windows authentication (--win-account must be set). Defaults to local when password is set, windowsNetwork when Windows account is set.

--password-hash (salt-first | password-first),<password hash hex>,<salt hex>

Import a pre-computed password hash with salt. Sets password-auth to required and password-auth-mode to local. Supports SHA-1, SHA-2, and MD5 hashes.

  • salt-first — hash computed as hash(salt + password)
  • password-first — hash computed as hash(password + salt)
  • <password hash hex> — hex-encoded password hash
  • <salt hex> — hex-encoded salt value

Example: --password-hash salt-first,0x1055d3e698d289f2af8663725127bd4b,0xa0392fed

--read-only

Set read-only access on the --root-dir path mapping.

--root-dir <path>

Root directory for the user. Full access is granted unless --read-only is set. Use burusftp path for additional virtual path mappings.

--shell-home <path>

Home directory for SSH terminal sessions. Defaults to the global sshShell.defaultHomeDirectory setting.

Only applies when the user connects via SSH in terminal shell mode.

--shell-path <path>

Shell executable for SSH terminal sessions. Defaults to the global sshShell.defaultShellPath setting.

Only applies when the user connects via SSH in terminal shell mode.

--shell-type (none | terminal | legacy)

Shell behavior. Only applies to SSH endpoints with Shell/SCP enabled. See sshShell for details.

--web-admin (enable | disable)

Allow or disallow access to the Web Administration tool.

--win-account <windows account name>

PRO Windows account for authentication. Also sets password-auth to required, password-auth-mode to windowsNetwork, and impersonate to on.

Examples

# Add user with password and web admin access
burusftp user add guybrush --root-dir "C:\Users\guybrush" --password "elaine" --web-admin enable

# Add user with public key authentication from file
burusftp user add lechuck --root-dir "C:\Users\lechuck" --keys "C:\Users\lechuck\rsa.pub"

# Add user with inline Ed25519 public key
burusftp user add lechuck --keys "ssh-ed25519 AAAAC3...wondiGXo6J"

# Add user with Windows authentication (Pro edition)
burusftp user add elaine --root-dir "C:\Users\elaine" --win-account "MI\elaine"

See also

burusftp user update, burusftp user delete, burusftp user list

uninstall

Previous Page

user delete

Next Page

On this page

SynopsisOptionsExamplesSee also