This interface allows you to manage which of your accounts can access your server remotely from the command line.
Warning:
Many users want this type of access. However, before you grant complete shell access to users, make certain that you consider the security risks. We recommend that you only provide jailed shell (sometimes seen as jailshell) access to users, which prevents the execution of certain harmful commands.
Manage shell access
To modify shell access for all of the accounts on your server, click the appropriate button at the top of the interface. To modify shell access for specific users, select the desired type of access in the row that corresponds to that account.
Note:
The account's package determines whether the account has shell access. If you change the account's permission to access a shell, the system will set the value for the account's package to undefined in the account's userdata file.
You can select the following types of shell access:
- Normal Shell — Select this option to grant the user access to the shell with no limitations.
-
Jailed Shell — Select this option to grant the user access to a jailed shell, which limits the user's ability to run certain commands that could harm your server.
-
Disabled Shell — Select this option to deny shell access to the user.
Note:
An account with a disabled shell may use SFTP if you enable it. To disable an account's ability to use SFTP, you must set
/bin/falseas the user’s shell. To do this, run the following command as therootuser, whereusernameis the account for which you wish to disable SFTP:usermod-s/bin/falseusername
