- User management
- Create a Virtual Host with a specified user
- Create a Super User with access to all Multi-Users
To manage websites on nine.ch Managed (V)Servers, nine-manage-vhosts is used by default. It allows you to configure websites on our servers. nine.ch also supports the usage of FPM and correspondingly its users.
In this document, you will find an explanation on how to use the user management section of
To increase security for web applications, you can give each virtual host a separate system user. This is useful if one virtual host should get compromised. In this case, only this user is affected. Normally, server orders are configured with only one user called www-data; the user management option can be added upon request. Please note, however, that changing to FPM may require bigger adjustments, which may also cause downtimes.
With the user management section of nine-manage-vhosts, users are managed as follows:
www-data@server:~ $ sudo nine-manage-vhosts user <action>...
Instead of the placeholder “action” you can use:
List gives a list of the currently existing users:
www-data@server:~ $ sudo nine-manage-vhosts user list
NAME        | HOMEDIR
------------|------------------
www-data    | /home/www-data
www-example | /home/www-example
During the creation (create) of a user, or while updating one (update), you can choose between three password-related options.
www-data@server:~ $ sudo nine-manage-vhosts user create www-example --no-password
www-data@server:~ $ sudo nine-manage-vhosts user create www-example --ask-password
www-data@server:~ $ sudo nine-manage-vhosts user create www-example --password=<password>
By using the option --no-password, the created user will have no password and cannot be accessed through SSH or SFTP. This can be advantageous if you want to disable login through the said services in favor of an FTP access. For security reasons, we recommend setting a password only if absolutely necessary, as it enables shell access.
With the option --ask-password, the script will prompt for a password after starting it. The option --password will allow you to type the password directly into the command line, which may be of use for creating multiple users with a custom script.
To assign a virtual host to a specified user while creating it, you have to enter the username after the option --user, as shown here:
www-data@server:~ $ sudo nine-manage-vhosts virtual-host create example.org --user=www-example
In this example, a virtual host with the domain example.org and the user www-example in the folder /home/www-example/example.org is created.
Create a new SSH-Key
We use the user www-data as super-user in this example.
Generate a new private and public SSH key without a passphrase.
www-data@server:~ $ ssh-keygen -o -a 100 -t ed25519 -N "" -C "www-data@server"
Deploy the pub-key on all user-webroots
The resulting public key content should now be copied to all desired user webroots under ~/.ssh/authorized_keys.
The file’s content should look like this:
www-*@server:~ $ cat ~/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NBBBBAAAILeD/udlOxZZuNNNNNNNNNu5L1+wM/spA5JzYNKH www-data@server
Test the connection
By using the following command you can test the connection to all users that you have deployed the public key to:
www-data@server:~ $ ssh www-*@localhost
WARNING! The private key should be kept private, especially because it has no password and is not encrypted! A stolen private key could lead to a severe security issue.
- For use with PuTTY or WinSCP, the OpenSSH key has to be converted into PPK format using the PuTTYgen utility.
- The private key file ~www-data/.ssh/id_ed25519 must have 600 access rights. Otherwise, the SSH connections will fail.
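The deployment and permission steps above, written as a small POSIX shell helper. This is an added example, not nine.ch's own tooling: the function names install_pubkey and private_key_mode_ok and the script name deploy_key.sh are hypothetical, and it assumes it is run as the user who owns the target home directory.

```shell
#!/bin/sh
# Added example, not nine.ch tooling. Function names are hypothetical.
# Assumption: run as the user who owns <home-dir>.

# install_pubkey <pubkey-file> <home-dir>
# Adds the key to <home-dir>/.ssh/authorized_keys only if it is missing
# and sets the directory/file modes to 700/600.
install_pubkey() (   # subshell body keeps umask and variables local
    pub=$1 ak=$2/.ssh/authorized_keys key=
    umask 077
    IFS= read -r key < "$pub" || [ -n "$key" ] || exit 1
    # Refuse anything that is not a one-line public key, e.g. the
    # private key file picked by mistake.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not a public key" >&2; exit 1 ;;
    esac
    mkdir -p "$2/.ssh" && chmod 700 "$2/.ssh" || exit 1
    touch "$ak" || exit 1
    chmod 600 "$ak" || exit 1
    # -x whole line, -F fixed string: '+' and '/' in the key are literal
    grep -qxF -e "$key" "$ak" && exit 0
    # Terminate an unterminated last line before appending
    [ -z "$(tail -c 1 "$ak")" ] || echo >> "$ak"
    printf '%s\n' "$key" >> "$ak"
)

# private_key_mode_ok <private-key-file>
# True only for a regular file whose mode is exactly 600.
private_key_mode_ok() {
    [ -f "$1" ] && [ -n "$(find "$1" -prune -perm 600)" ]
}

# Usage (hypothetical script name): sh deploy_key.sh <pubkey-file> <home-dir>
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

Running install_pubkey twice with the same key leaves a single entry, so it can be repeated for every user home without duplicating lines.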