burusftp user update
NAME
burusftp user update - Modifies existing user in the user database.
OPTIONS
--add-keys <keyfile1 | key1> <keyfile2 | key2> <...>- Adds public keys and sets key-auth to required when disabled before.
--impersonate <on | off>- Enables or disables file system impersonation when
--win-accountis set. This feature is available in Pro edition only. See User authentication for more details.
- Enables or disables file system impersonation when
--key-auth <enabled | disabled | required>- Enables, disables or makes public key authentication mandatory. Combine with
--password-authto enforce two-factor authentication.
- Enables, disables or makes public key authentication mandatory. Combine with
--lock [<date-time> | <interval>]- Locks a user - the user is not allowed to log in to the server (mutually exclusive with
--unlock). - When
date-timeis specified, the user will be unlocked after the specified value. Supported date-time format isyyyy-MM-dd(e.g 2022-11-29) or"yyyy-MM-dd hh:mm:ss"(e.g 2022-11-29 15:30:45) . - When
intervalis specified, the interval is added to current date and time and the user will be unlocked after the specified value.intervalhas to be specified as a number followed by a letter determining which date or time component should be adjusted- supported letters are:
- (
m)inutes - (
h)ours - (
d)ays - (
M)onths - (
y)ears
- (
- Combination of
intervals is supported (e.g “3d 12h 45m”)
- Locks a user - the user is not allowed to log in to the server (mutually exclusive with
-p, --pwd- Update password (will prompt for new password) and sets
password-authto required when disabled before andpassword-auth-modeto local.
- Update password (will prompt for new password) and sets
--password <password>- Plaintext password and sets
password-authto required when disabled before andpassword-auth-modeto local. Not recommended as the password will be visible when entering - use-pinstead.
- Plaintext password and sets
--password-auth <enabled | disabled | required>- Enables, disables or makes password authentication mandatory. Combine with
--key-authto enforce two-factor authentication.
- Enables, disables or makes password authentication mandatory. Combine with
--password-auth-mode <local | windowsNetwork | windowsInteractive>- Specifies password authentication scheme - see user add for more details. Windows options are available in Pro edition only.
--readonly- Read-only access (mutually exclusive with readwrite).
--readwrite- Read-write access (mutually exclusive with readonly).
--remove-keys <pattern1> <pattern2> <...>- Removes existing public keys. Possible values are (part of) SHA-256 base-64 fingerprint, algorithm (e.g.
rsa) or ‘*’ for all keys.
- Removes existing public keys. Possible values are (part of) SHA-256 base-64 fingerprint, algorithm (e.g.
--remove-pwd- Removes password (disables password authentication) and sets
password-authtodisabledwhen password was in use before.
- Removes password (disables password authentication) and sets
--remove-win-account- Removes Windows account associated with the user used for Windows authentication and sets
password-authtodisabledwhen Windows authentication was in use before.
- Removes Windows account associated with the user used for Windows authentication and sets
--set-keys <keyfile1 | key1> <keyfile2 | key2> <...>- Replaces existing public keys with new ones and sets
key-authto required when disabled before.
- Replaces existing public keys with new ones and sets
--shell-type (default | none | terminal | legacy)- Shell behavior.
default- Use the default shell type as specified in the global configurationnone- Only minimal shell will be presented (when SCP is enabled). File system traversal is restricted to virtual path settings.legacy- Same asnone, with support for SSH aliasesterminal- Real shell will be presented (cmd.exeby default). File system traversal is only restricted by Windows access permissions. Virtual path settings are ignored.
--shell-path <path>- Path to shell executable. Only applicable for
terminalshell type. Use an empty value ("") to use default path as specified in the global configuration.
- Path to shell executable. Only applicable for
--shell-home <path>- Home directory. Only applicable for
terminalshell type. Use an empty value ("") to use default path as specified in the global configuration.
- Home directory. Only applicable for
--unlock- Unlocks a user after they were locked manually or performed too many invalid login attepmts and clears failed login count (mutually exclusive with
lock).
- Unlocks a user after they were locked manually or performed too many invalid login attepmts and clears failed login count (mutually exclusive with
--web-admin <enable | disable>- Allows or disallows user to access web administration tool (if installed)
--win-account <windows account name>- Windows account associated with the user used for Windows authentication, sets
password-auth-modetowindowsNetworkandpassword-authtorequiredwhen disabled before. Also setsimpersonatetoonif this command sets Windows authentication as active and required. This feature is available in Pro edition only.
- Windows account associated with the user used for Windows authentication, sets
EXAMPLES
# Change password to 'kate' for user guybrush.
burusftp user update guybrush --password "kate"
# Replace existing public keys for user guybrush.
burusftp user update guybrush --set-keys "C:\Users\guybrush\rsa.pub"
# User guybrush is not allowed log in to the server.
burusftp user update guybrush --lock
# User guybrush is not allowed log in to the server until the specified date and time.
burusftp user update guybrush --lock "2022-01-31 08:30:00"
# User guybrush is not allowed log in to the server for next 7 days.
burusftp user update guybrush --lock 7d
# User guybrush is not allowed log in to the server for next 3 days, 12 hours and 45 minutes.
burusftp user update guybrush --lock "3d 12h 45m"
# User guybrush can log in to the server after it was locked out.
burusftp user update guybrush --unlock