burusftp user update

NAME

burusftp user update <username> [options] - Modifies existing user in the user database.

OPTIONS

• --add-keys <keyfile1 | key1> <keyfile2 | key2> <...>
  • Adds public keys and sets key-auth to required when disabled before.
• --ftp <enabled | disabled | default> 2.15.0+
  • Enables or disables FTP access. Default is default - use server-wide setting.
• --impersonate <on | off>
  • Enables or disables file system impersonation when --win-account is set. This feature is available in Pro edition only. See User authentication for more details.
• --key-auth <enabled | disabled | required>
  • Enables, disables or makes public key authentication mandatory. Combine with --password-auth to enforce two-factor authentication.
• --lock [<date-time> | <interval>]
  • Locks a user - the user is not allowed to log in to the server (mutually exclusive with --unlock).
  • When date-time is specified, the user will be unlocked after the specified value. Supported date-time format is yyyy-MM-dd (e.g 2022-11-29) or "yyyy-MM-dd hh:mm:ss" (e.g 2022-11-29 15:30:45) .
  • When interval is specified, the interval is added to current date and time and the user will be unlocked after the specified value.
    • interval has to be specified as a number followed by a letter determining which date or time component should be adjusted
    • supported letters are:
      • (m)inutes
      • (h)ours
      • (d)ays
      • (M)onths
      • (y)ears
    • Combination of intervals is supported (e.g “3d 12h 45m”)
• --note <note>
  • Sets note about user. Use empty note (--note "") to delete the note.
• -p, --pwd
  • Update password (will prompt for new password) and sets password-auth to required when disabled before and password-auth-mode to local.
• --password <password>
  • Sets password and sets password-auth to required when disabled before and password-auth-mode to local. Not recommended as the password will be visible when entering - use -p instead. --password "" behaves the same as --remove-pwd
• --password-auth <enabled | disabled | required>
  • Enables, disables or makes password authentication mandatory. Combine with --key-auth to enforce two-factor authentication.
• --password-auth-mode <local | windowsNetwork | windowsInteractive>
  • Specifies password authentication scheme - see user add for more details. Windows options are available in Pro edition only.
• --readonly
  • Read-only access (mutually exclusive with readwrite).
• --readwrite
  • Read-write access (mutually exclusive with readonly).
• --remove-keys <pattern1> <pattern2> <...>
  • Removes existing public keys. Possible values are (part of) SHA-256 base-64 fingerprint, algorithm (e.g. rsa) or ‘*’ for all keys.
• --remove-pwd
  • Removes password. Unless Windows authentication is active, also sets password-auth to disabled.
• --remove-win-account
  • Removes Windows account associated with the user used for Windows authentication and sets password-auth to disabled when Windows authentication was in use before.
• --set-keys <keyfile1 | key1> <keyfile2 | key2> <...>
  • Replaces existing public keys with new ones and sets key-auth to required when disabled before.
• --shell-type (default | none | terminal | legacy)
  • Shell behavior. Only applicable for SSH endpoints with Shell/SCP subsystem enabled.
  • default - Use the default shell type as specified in the global configuration
  • none - Minimal shell restricted to user’s path mappings with SCP will be available.
  • legacy - Minimal shell restricted to user’s path mappings with SCP and SSH aliases will be available.
  • terminal - Full shell (e.g. cmd.exe, PowerShell, etc.) will be presented, not restricting the user to their path mappings.
• --shell-path <path>
  • Path to shell executable. Only applicable for terminal shell type. Use an empty value ("") to use default path as specified in the global configuration.
• --shell-home <path>
  • Home directory. Only applicable for terminal shell type. Use an empty value ("") to use default path as specified in the global configuration.
• --unlock
  • Unlocks a user after they were locked manually or performed too many invalid login attepmts and clears failed login count (mutually exclusive with lock).
• --web-admin <enable | disable>
  • Allows or disallows user to access web administration tool (if installed)
• --win-account <windows account name>
  • Windows account associated with the user used for Windows authentication, sets password-auth-mode to windowsNetwork and password-auth to required when disabled before. Also sets impersonate to on if this command sets Windows authentication as active and required. This feature is available in Pro edition only.

EXAMPLES

# Change password to 'kate' for user guybrush.
burusftp user update guybrush --password "kate"

# Replace existing public keys for user guybrush.
burusftp user update guybrush --set-keys "C:\Users\guybrush\rsa.pub"

# User guybrush is not allowed log in to the server.
burusftp user update guybrush --lock

# User guybrush is not allowed log in to the server until the specified date and time.
burusftp user update guybrush --lock "2022-01-31 08:30:00"

# User guybrush is not allowed log in to the server for next 7 days.
burusftp user update guybrush --lock 7d

# User guybrush is not allowed log in to the server for next 3 days, 12 hours and 45 minutes.
burusftp user update guybrush --lock "3d 12h 45m"

# User guybrush can log in to the server after it was locked out.
burusftp user update guybrush --unlock

SEE ALSO

user add, user list, user inspect, user delete