I'm just chiming in to note that I would appreciate the ability to grant multiple shell users access to the same application through the dashboard! The FACL commands + adding a symlink work, of course, but are a rather clunky way of achieving this for those of us who are not experienced with using the terminal. Is this a feature that might be added at some point?

    mprlab327 sure thing, I'll add that to our todo list. Thanks!

      2 months later

      I'd like to add a request to enable restricting access for a specific user to the folder of an app. This way I wouldn't have to share all of the account with someone who I'm hiring to work on that specific app. Or is this already possible ?

        Axel my approach has been to create a different shell user for each app - that would allow you do exactly that. Means switching shells to switch apps, but I'm finding it really helpful for each app to be in a simple, dedicated environment.

          Axel what @dcd said: if you want to isolate an app or group of apps for a particular project or client then using a separate shell user for those apps is best way to do that.

          • Axel replied to this.

              sean I don't see anywhere how to create a shell user JUST for one app ? In the Shell Users menu there isn't any way to select the app for which the user would have access privileges.

              • sean replied to this.

                  Axel

                  1. Create a new shell user.
                  2. Create one application for that shell user.

                  We don't have a way to easily change the shell user for an existing app but we're hoping to make that possible in the future.

                  • Axel replied to this.

                      sean Ok but copying over files, using "cp", from a directory accessible by one user to a directory accessible by the other user is not possible. sFTP works tho.

                      • sean replied to this.

                          Axel or rsync:

                          1. Log into SSH as user2.
                          2. rsync the files from user1: rsync -Pa user1@opalN.opalstack.com:apps/myapp/ ~/apps/myapp

                            Does the above mean that in an VPS server with n Shell User each with m Applications any Shell User can access/copy/modify ANY Application owned by the Shell User originally having it ? If yes, why ? is too risky ? is it agains VPS principles to provide security ?
                            Are Opalstack VPS security features weaker than those provided by other ISPs such as SiteGround , see www.siteground.com

                            • sean replied to this.

                              dragonxi no, the above does not mean any of that at all.

                              To copy files from one shell user to another, you have to already know the credentials for both shell users.

                              The ability to run your individual applications as individual shell users makes our platform more secure than any host that doesn't have this capability.

                                Excellent news - thanks a lot!

                                4 months later

                                @sean may I know when will this be implemented? I'm doing a simple CD using SFTP but I don't want to use my main shell user for this.

                                • sean replied to this.
                                  Mastodon