Sudo Users and Site Users
SpinupWP utilizes two different types of system users. These users allow you to safely and conveniently manage your servers and sites. Let’s take a look at each.
Sudo Users
Following security best practices, SpinupWP disables SSH access for the root user on all servers. Instead, you can add sudo users, which will have sudo access. This will allow you to run commands as root and manage your server. For example:
sudo apt dist-upgrade
When managing a server, an SSH user should be used. These are the users you will use to install, upgrade or configure server software.
An SSH user’s home directory is located at: /home/{username}
Key points to remember:
- Sudo users have full system access
- Sudo users can view all sites on a single server and modify them using sudo. However, doing so will require you to set the correct file permissions manually
- Sudo users should not be created for clients to access their sites (unless you really do want them to have root access to the server)
- A server can have multiple sudo users
- Sudo users must use public key authentication
SpinupWP currently offers unlimited sudo users for all servers on the Advanced plan and one sudo user per server on the Essentials plan.
Site Users
Sites deployed via SpinupWP are owned by a unique system user, known as a site user. Site users have restricted file permissions, which prevent them from viewing other sites’ files and other sensitive files (such as Nginx configs).
Site users can SSH and SFTP to the server, but they will be restricted to the site’s directory. This makes them ideal for giving out to clients who require an SFTP user to manage their sites as they will be unable to view or modify other sites on the server.
When making changes to a site directly on the server, or running WP CLI, the site user should be used. This will prevent file ownership issues and alleviate the need to manually chown files.
A site user’s home directory is located at: /sites/{domain}
Key points to remember:
- Site users are unable to navigate to another site’s home directory
- Site users cannot modify server configs, such as those used by Nginx or PHP
- Site users do not have sudo access, meaning they cannot run commands with root privileges
- Site users should be given to clients who require SFTP access to manage their sites
- Site users can use either public key authentication or password authentication
- A site only has one user, but it can have multiple SSH keys assigned (if using public key authentication)
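
As an added example (not SpinupWP's own tooling), the shell functions below check account data against the model described in both sections: site users hold no sudo rights, each site directory has one user, and root SSH login is disabled. It assumes sudo rights come from the Ubuntu `sudo` group and that SSH settings are supplied as `sshd -T` output; the function names, finding labels and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions (not from the page): sudo rights are granted via
# the "sudo" group, and the sshd input is effective config as printed by `sshd -T`.

# audit_accounts PASSWD GROUP: print one finding per line, nothing if clean.
audit_accounts() {
    awk -F: '
        # First file (group): remember the sudo group id and its listed members.
        NR == FNR {
            if ($1 == "sudo") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) in_sudo[m[i]] = 1
            }
            next
        }
        # Second file (passwd): only accounts whose home is under /sites/.
        $6 ~ /^\/sites\// {
            # Site users must not have sudo, as member or via primary group.
            if (($1 in in_sudo) || (gid != "" && $4 == gid))
                print "SITE_USER_HAS_SUDO " $1
            # A site has exactly one owning user.
            if ($6 in owner) print "SHARED_SITE_HOME " $6 " " owner[$6] " " $1
            else owner[$6] = $1
        }
    ' "$2" "$1"
}

# audit_root_login FILE: the first PermitRootLogin line wins, as in sshd.
audit_root_login() {
    value=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    # Anything other than "no" (including unset) leaves some root login path.
    [ "$value" = "no" ] || echo "ROOT_SSH_NOT_DISABLED ${value:-unset}"
}

# Constructed sample data, not taken from a real server.
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'sudo:x:27:alice,shopuser' > "$demo/group"
printf '%s\n' \
    'alice:x:1000:1000::/home/alice:/bin/bash' \
    'shopuser:x:1001:1001::/sites/shop.example:/bin/bash' \
    'bloguser:x:1002:1002::/sites/blog.example:/bin/bash' \
    'extra:x:1003:1003::/sites/blog.example:/bin/bash' > "$demo/passwd"
printf '%s\n' 'port 22' 'permitrootlogin prohibit-password' > "$demo/sshd"

audit_accounts "$demo/passwd" "$demo/group"
audit_root_login "$demo/sshd"
```

On a live server the same functions can be pointed at /etc/passwd, /etc/group and a file holding the output of `sudo sshd -T`.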