User Management

User management is central to CompleteFTP administration. The CLI provides comprehensive tools for creating, configuring, and managing user accounts, including both internal users managed by CompleteFTP and OS users managed by the operating system.

Overview

CompleteFTP user management includes:

User types - Internal users vs. OS users
User properties - Protocols, permissions, quotas, and settings
Home directories - Virtual file system integration
Site mappings - Per-site user configurations
Password policies - Security requirements for internal users

All user operations use the completeftp user command group.

User Types

Internal Users

Internal users are managed entirely by CompleteFTP:

Stored in CompleteFTP's configuration database
Passwords managed by CompleteFTP
Full control over user properties
Support for password policies
Recommended for most scenarios

OS Users

OS users are managed by the operating system:

Authentication handled by the OS
User properties still managed by CompleteFTP
Useful for integration with existing user accounts
Limited password policy control

Advanced Authentication Available: CompleteFTP also supports LDAP/Active Directory, database authentication, SAML SSO, and two-factor authentication. See Advanced Features Overview for details.

Viewing User Information

List All Users

# List all users
completeftp user list

# List users with specific properties
completeftp user list userName enabled ftpEnabled sftpEnabled

Show User Details

# Show all properties of a user
completeftp user show alice

# Show specific properties
completeftp user show alice userName enabled sftpEnabled homeDirIsRoot

Creating Users

Basic User Creation

# Create a simple internal user
completeftp user add alice

# Create an OS user
completeftp user add bob OS

# Create user with home directory
completeftp user add charlie internal /Home/charlie homeFolderOS /var/ftp/charlie

Advanced User Creation

# Create user with full configuration
completeftp user add diana \
  internal \
  /Home/diana \
  homeFolderOS \
  /var/ftp/users/diana

# Create user with cloud storage home directory
completeftp user add eve \
  internal \
  /Home/eve \
  AmazonS3 \
  "bucketName=my-ftp-bucket,path=users/eve"

User Configuration

Basic User Properties

# Enable/disable user
completeftp user set alice enabled=true

# Set user's full name and description
completeftp user set alice "fullName=Alice Johnson" "description=Marketing Department"

# Set email address
completeftp user set alice email=alice@company.com

# Set user expiry date
completeftp user set alice expiryDate=2024-12-31

Protocol Access

# Enable SFTP access
completeftp user set alice sftpEnabled=true

# Enable FTP and FTPS access
completeftp user set alice ftpEnabled=true ftpsEnabled=true

# Enable HTTP/HTTPS access
completeftp user set alice httpEnabled=true httpsEnabled=true

# Enable SCP access (requires SFTP)
completeftp user set alice scpEnabled=true

# Enable file sharing
completeftp user set alice sharingEnabled=true

SSH and Terminal Access

# Enable SSH terminal access
completeftp user set alice sshTerminalEnabled=true

# Set SSH terminal shell
completeftp user set alice sshTerminalShell="/bin/bash"

# Enable SSH forwarding
completeftp user set alice sshForwardingEnabled=true

# Configure SSH authentication methods
completeftp user set alice sshAuthMethods="password,publickey"

Security Settings

# Set password interactively
completeftp user set alice password

# Enable two-factor authentication
completeftp user set alice twoFactorAuthEnabled=true

# Make user read-only
completeftp user set alice readOnly=true

# Set home directory as root
completeftp user set alice homeDirIsRoot=true

# Enable file encryption at rest
completeftp user set alice filesEncryptedAtRest=true

Quotas and Limits

# Set storage quota (in bytes)
completeftp user set alice quotaStorage=1073741824  # 1GB

# Set download speed quota (bytes per second)
completeftp user set alice quotaSpeedDownload=1048576  # 1MB/s

# Set upload speed quota (bytes per second)
completeftp user set alice quotaSpeedUpload=524288  # 512KB/s

Password Management

Setting Passwords

# Set password interactively (recommended for security)
completeftp user set alice password

# Set password directly (less secure, visible in command history)
completeftp user set alice password=mypassword123

# Generate random password
openssl rand -base64 12 | completeftp user set alice password

Password Policies

Password policies apply to all internal users and enforce security requirements.

Viewing Password Policy

# Show current password policy
completeftp user passwordpolicy show

Configuring Password Policy

# Set minimum password length
completeftp user passwordpolicy set minLength=8

# Require mixed case
completeftp user passwordpolicy set mustHaveMixedCase=true

# Require digits
completeftp user passwordpolicy set mustHaveDigit=true

# Require special characters
completeftp user passwordpolicy set mustHaveSpecialChar=true

# Set password expiration (days)
completeftp user passwordpolicy set requireChangeAfterDays=90

# Set account lockout after password expiration
completeftp user passwordpolicy set denyAccessAfterDays=100

# Allow users to change their own passwords
completeftp user passwordpolicy set allowChange=true

Home Directory Management

Setting Home Directories

# Set home directory for a user
completeftp user home alice /Home/alice

# Set home directory for specific site
completeftp user home alice /Home/alice "Production Site"

# Set home directory to existing folder
completeftp user home alice /Shared/Marketing

Home Directory Types

# OS folder (local file system)
completeftp user add alice homeFolderOS /var/ftp/alice

# Amazon S3 bucket
completeftp user add alice AmazonS3 "bucketName=my-bucket,path=users/alice"

# Azure Blob Storage
completeftp user add alice Azure "containerName=users,path=alice"

# Network folder
completeftp user add alice homeFolderOS "//server/share/alice"

Site Mappings

Users can have different configurations for different sites.

Viewing Site Mappings

# Show user's site mappings
completeftp user mapping show alice

# Show mapping for specific site
completeftp user mapping show alice "Production Site"

# Show all site mappings for user
completeftp user mapping show alice

Configuring Site Mappings

# Enable user on a specific site
completeftp user mapping set alice "Production Site" enabled=true

# Set different home folder for a site
completeftp user mapping set alice "Production Site" homeFolder=/Production/alice

# Set home web application for a site
completeftp user mapping set alice "Production Site" homeWebApp=FileManager

# Disable user on a site
completeftp user mapping set alice "Test Site" enabled=false

User Management Workflows

Standard User Setup

# 1. Create internal user with home directory
completeftp user add alice \
  internal \
  /Home/alice \
  homeFolderOS \
  /var/ftp/alice

# 2. Configure basic properties
completeftp user set alice \
  enabled=true \
  "fullName=Alice Johnson" \
  email=alice@company.com

# 3. Enable required protocols
completeftp user set alice \
  sftpEnabled=true \
  httpEnabled=true \
  sharingEnabled=true

# 4. Set password
completeftp user set alice password

# 5. Verify configuration
completeftp user show alice

Secure SFTP-Only User

# 1. Create user
completeftp user add secure_user internal

# 2. Enable only SFTP
completeftp user set secure_user \
  enabled=true \
  sftpEnabled=true \
  ftpEnabled=false \
  httpEnabled=false

# 3. Configure SSH key authentication
completeftp user set secure_user sshAuthMethods="publickey"

# 4. Add SSH public key
completeftp user key add secure_user "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI..."

# 5. Set home directory as root
completeftp user set secure_user homeDirIsRoot=true

Temporary User Account

# 1. Create user with expiration
completeftp user add temp_user internal

# 2. Set expiry date
completeftp user set temp_user \
  enabled=true \
  expiryDate=2024-06-30 \
  "description=Temporary contractor access"

# 3. Configure limited access
completeftp user set temp_user \
  sftpEnabled=true \
  readOnly=true \
  quotaStorage=104857600  # 100MB

# 4. Set password
completeftp user set temp_user password

Service Account Setup

# 1. Create service account
completeftp user add backup_service internal

# 2. Configure for automated access
completeftp user set backup_service \
  enabled=true \
  sftpEnabled=true \
  sshAuthMethods="publickey" \
  "description=Automated backup service"

# 3. Add service SSH key
completeftp user key add backup_service "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB..."

# 4. Set appropriate home directory
completeftp user home backup_service /Backups

User Maintenance

Regular User Audits

# List all users with key properties
completeftp user list userName enabled expiryDate

# Find users with expiring passwords
completeftp user list userName passwordChangeTime

# List users with specific protocols enabled
completeftp user list userName sftpEnabled httpEnabled

# Check users without expiry dates
completeftp user list userName expiryDate | grep -v "20"

Bulk User Operations

# Disable multiple users (using a script)
for user in alice bob charlie; do
  completeftp user set $user enabled=false
done

# Update password policy for all users
completeftp user passwordpolicy set requireChangeAfterDays=60

# Enable SFTP for all users (be careful!)
for user in $(completeftp user list userName | tail -n +2); do
  completeftp user set $user sftpEnabled=true
done

User Cleanup

# Remove expired users
completeftp user remove temp_user

# Clean up user SSH keys
completeftp user key show alice
completeftp user key remove alice 0

# Reset user to defaults
completeftp user set alice \
  ftpEnabled=false \
  sftpEnabled=false \
  httpEnabled=false \
  readOnly=false

Troubleshooting User Issues

Authentication Problems

# Check if user is enabled
completeftp user show alice enabled

# Verify protocol access
completeftp user show alice sftpEnabled ftpEnabled

# Check password policy compliance
completeftp user passwordpolicy show

# Verify user exists
completeftp user list userName | grep alice

Access Issues

# Check home directory configuration
completeftp user show alice homeDirIsRoot
completeftp user mapping show alice

# Verify site mappings
completeftp user mapping show alice default

# Check read-only status
completeftp user show alice readOnly

# Review quotas
completeftp user show alice quotaStorage quotaSpeedDownload quotaSpeedUpload

SSH Key Problems

# List user's SSH keys
completeftp user key show alice

# Check SSH authentication methods
completeftp user show alice sshAuthMethods

# Verify SFTP is enabled
completeftp user show alice sftpEnabled

Best Practices

Security

Use strong password policies - Enforce complexity and regular changes
Enable appropriate protocols only - Don't enable unnecessary access methods
Set expiry dates - Use temporary accounts for contractors and guests
Regular audits - Review user accounts and permissions periodically
SSH key authentication - Prefer keys over passwords for automated access

Organization

Consistent naming - Use clear, consistent username conventions
Document users - Use description fields to document user purposes
Group similar users - Use groups for permission management
Home directory structure - Organize user directories logically
Site-specific configurations - Use site mappings for different environments

Maintenance

Monitor quotas - Track storage and bandwidth usage
Clean up unused accounts - Remove accounts for departed users
Update contact information - Keep email addresses current
Backup user configurations - Document critical user settings
Test user access - Verify users can connect and access their data

Quick Reference

User Management Commands

# List users
completeftp user list [properties]

# Show user details
completeftp user show <userName> [properties]

# Create user
completeftp user add <userName> [internal|OS] [homeFolderPath] [homeFolderType] [homeFolderMapping]

# Modify user
completeftp user set <userName> property=value

# Remove user
completeftp user remove <userName>

# Set home directory
completeftp user home <userName> <homeFolder> [site]

User Properties

# Basic properties
enabled=true/false
fullName="Full Name"
description="Description"
email=user@domain.com
expiryDate=yyyy-mm-dd

# Protocol access
ftpEnabled=true/false
ftpsEnabled=true/false
sftpEnabled=true/false
scpEnabled=true/false
httpEnabled=true/false
httpsEnabled=true/false
sharingEnabled=true/false

# Security
readOnly=true/false
homeDirIsRoot=true/false
twoFactorAuthEnabled=true/false
filesEncryptedAtRest=true/false

# Quotas (in bytes)
quotaStorage=1073741824
quotaSpeedDownload=1048576
quotaSpeedUpload=524288

Password Policy Commands


# View policy
completeftp user passwordpolicy show

# Set policy
completeftp user passwordpolicy set property=value

# Policy properties
minLength=8
mustHaveMixedCase=true/false
mustHaveDigit=true/false
mustHaveSpecialChar=true/false
requireChangeAfterDays=90
denyAccessAfterDays=100
allowChange=true/false