burusftp user add

NAME

burusftp user add <username> - Add user to the user database.

OPTIONS

  • --impersonate (on | off)
    • Enables or disables file system impersonation (using SFTP or SCP) when --win-account is set. This feature is available in Pro edition only. See User authentication for more details.
  • --keys <public_key_file1> <public_key_file2> <...>
    • User public key files. Can be used for authentication instead of password. Also sets key-auth to required.
  • --key-auth (enabled | disabled | required)
    • Enables, disables or makes public key authentication mandatory. Combine with --password-auth to enforce two-factor authentication.
  • -p
    • Securely prompts for password, sets password-auth to required and password-auth-mode to local.
  • --password <password>
    • Sets password, sets password-auth to required and password-auth-mode to local.
  • --password-auth (enabled | disabled | required)
    • Enables, disables or makes password authentication mandatory. Combine with --key-auth to enforce two-factor authentication. This value defaults to required when --impersonate on is set.
  • --password-auth-mode (local | windowsNetwork | windowsInteractive)
    • Specifies how password is verified - either using local storage (in conjuction with --password or -p) or using Windows authentication (--win-account also must be set). The two Windows options specify whether LOGON32_LOGON_NETWORK_CLEARTEXT or LOGON32_LOGON_INTERACTIVE method shall be used. Default is local when password is set and windowsNetwork when Windows account is set. Windows authentication options are available in Pro edition only.
  • --password-hash (salt-first|password-first),<password hash hex>,<salt hex>
    • Specifies password hash and salt and password-salt order, sets password-auth to required and password-auth-mode to local. Currently supported are SHA1, SHA2 and MD5 hashes.
    • Example: --password-hash salt-first,0x1055d3e698d289f2af8663725127bd4b,0xa0392fed - MD5 hash (0x1055...), 4-byte salt (0xa0e392fed), hash computed as MD5(salt+password) (salt-first)
  • --read-only
    • Read-only access
  • --root-dir
    • Root directory to be used for the user. Use path command to specify more virtual path mappings.
  • --shell-type (none | terminal | legacy)
    • Shell behavior.
    • none - Only minimal shell will be presented (when SCP is enabled). File system traversal is restricted to virtual path settings.
    • legacy - Same as none, with support for SSH aliases
    • terminal - Real shell will be presented (cmd.exe by default). File system traversal is only restricted by Windows access permissions. Virtual path settings are ignored.
  • --shell-path <path>
    • Path to shell executable. Only applicable for terminal shell type. Default: %WINDIR%\System32\cmd.exe
  • --shell-home <path>
    • Home directory. Only applicable for terminal shell type. Default: %WINDIR%\..
  • --web-admin (enable | disable)
    • Allows user to access web administration tool (if installed)
  • --win-account <windows account name>
    • Windows account associated with the user used for Windows authentication. Also sets password-auth to required, password-auth-mode to windowsNetwork, impersonation to on. This feature is available in Pro edition only.

EXAMPLES

  • burusftp user add guybrush --root-dir C:\Users\guybrush --password elaine --web-admin enable

    • Add user ‘guybrush’ with home directory at ‘C:\Users\guybrush’ and password ’elaine’. Guybrush will use password authentication and will have access to web administration.
  • burusftp user add lechuck --root-dir C:\Users\lechuck --keys C:\Users\lechuck\rsa.pub

    • Add user ’lechuck’ with public key stored in ‘C:\Users\lechuck\rsa.pub’. Lechuck will use public key authentication
  • burusftp user add elaine --root-dir C:\Users\elaine --win-account MI\elaine

    • Add user ’elaine’ using Windows account MI\elaine for password validation. This feature is available in Pro edition only.

SEE ALSO

path, user delete, user list, user inspect, user update