nine-manage-vhosts with multi-user
Introduction
On managed servers, Nine provides you with the CLI tool nine-manage-vhosts to manage websites. Using nine-manage-vhosts you can create additional users.
This article describes how to use the user management of nine-manage-vhosts.
User management
To increase security for web applications, they can be separated from each other with separate system users. When ordering the server, Nine creates the user www-data by default. Using nine-manage-vhosts you can create additional users as needed.
With the user management of nine-manage-vhosts, users are managed as follows:
www-data@server:~ $ sudo nine-manage-vhosts user <action>...
The available actions are create, update, remove and list. The latter outputs a list of the currently existing users:
www-data@server:~ $ sudo nine-manage-vhosts user list
NAME        | HOMEDIR
------------|------------------
www-data    | /home/www-data
www-example | /home/www-example
When creating (create) or updating (update) a user, three password-related options are available:
www-data@server:~ $ sudo nine-manage-vhosts user create www-example --no-password
www-data@server:~ $ sudo nine-manage-vhosts user create www-example --ask-password
www-data@server:~ $ sudo nine-manage-vhosts user create www-example --password=<password>
With the --no-password option, no password is set and the user cannot log in via SSH or SFTP. This is useful if you want to disable SSH/SFTP login in favor of FTP access.
The --ask-password option prompts for a password. With --password, a password can be specified directly on the command line. The latter allows automating the creation of additional users.
Set up VirtualHost under a specific user
A VirtualHost can be assigned to a user during creation. For this purpose, the --user option must be used:
www-data@server:~ $ sudo nine-manage-vhosts virtual-host create example.org --user=www-example
In this example, the VirtualHost is created with the domain example.org under the user www-example in the folder /home/www-example/example.org.
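The separation described above only helps if every site really gets its own account. The following sketch is an added example, not Nine's code: it reads the table printed by user list and prints the create commands that are still missing for a site, without running anything. The function names, the www- naming rule, the refusal to host under www-data and the names www-shop and shop.example.net are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Nine's code): plan one system user per site.
# Emits only the subcommands and options shown in this article.

# Sample in the table format printed by `nine-manage-vhosts user list`.
SAMPLE_LIST='NAME        | HOMEDIR
------------|------------------
www-data    | /home/www-data
www-example | /home/www-example'

# list_users: read the table on stdin, print one user name per line.
list_users() {
    awk -F'|' 'NR > 2 && NF >= 2 { gsub(/[ \t]/, "", $1); if ($1 != "") print $1 }'
}

# user_exists NAME: succeed if NAME is an exact entry in the table on stdin.
user_exists() {
    list_users | grep -Fxq -- "$1"
}

# valid_name NAME: assumed naming rule (www- prefix; a-z, 0-9 and hyphen only),
# so nothing shell-active can reach a command that runs under sudo.
valid_name() {
    case "$1" in www-*) ;; *) return 1 ;; esac
    case "$1" in *[!a-z0-9-]*) return 1 ;; esac
}

# plan_site LIST USER DOMAIN: print the commands still needed, run nothing.
plan_site() {
    list=$1; user=$2; domain=$3
    valid_name "$user" || { echo "refusing user name: $user" >&2; return 2; }
    # Policy assumption: www-data can switch to every account, so host no site under it.
    [ "$user" != "www-data" ] || { echo "refusing www-data" >&2; return 2; }
    case "$domain" in ''|*[!a-z0-9.-]*) echo "refusing domain: $domain" >&2; return 2 ;; esac
    if ! printf '%s\n' "$list" | user_exists "$user"; then
        # --no-password: no password is set for the new account
        echo "sudo nine-manage-vhosts user create $user --no-password"
    fi
    echo "sudo nine-manage-vhosts virtual-host create $domain --user=$user"
}

# Real use: plan_site "$(sudo nine-manage-vhosts user list)" www-shop shop.example.net
plan_site "$SAMPLE_LIST" www-shop shop.example.net   # constructed names
```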
Access all other users with www-data
The user www-data acts as a kind of "super-user". www-data is used to create vhosts and other users (nine-manage-vhosts), to create databases (nine-manage-databases) or to access data backups (nine-backup) or database backups.
Since access by passwords should be avoided as much as possible, we have given the user www-data the possibility to switch to other user accounts.
For example, an SSH private key can be stored for a newly created user without having to create or share a password for the user.
Change user
As user www-data you can execute the wrapper nine-su using sudo to switch to another user account:
www-data@server:~ $ whoami
www-data
www-data@server:~ $ sudo nine-su www-example
www-example@server:~$ whoami
www-example
www-example@server:~$
The wrapper does not accept any other parameters besides the username (www-xyz).