SSH into a server as an app's system user
System users are the users that exist within a server’s operating system. Every app on your server belongs to and runs as one of these system users.
By default, ServerPilot creates a separate system user for each app. This provides security isolation between your apps. Additionally, running apps under separate system users makes debugging easier and provides a way for you to give developers or clients access only to the apps they should have access to.
SSH and SFTP access
To view or modify an app’s files, you can SSH or SFTP into a server as the app’s system user.
Change a user’s password
To update a system user’s password:
- Go to the Servers page in the dashboard and click on the name of the server.
- Click on Users.
- Click on the name of the system user.
- Click on Change password.
- Enter the new password and click Update Password.
Configure a user’s SSH keys
Before you can configure a system user’s SSH keys, you must first add the SSH key to your ServerPilot account:
- Go to your account’s SSH Keys page.
- Enter a Name for the key.
- Paste the contents of the key’s
.pubfile in the Public Key field. - Click on Add Key.
Once you’ve added the key to your ServerPilot account, configure the key for a system user:
- Go to the Servers page and click on the name of the server.
- Click on Users.
- Click on the name of the system user.
- Under SSH Keys, select the key that will be allowed to log in as this user.
- Click on Add Key.
Directory structure
When you SSH or SFTP into your server as an app’s system user, you will start out in the system user’s home directory:
/srv/users/USERNAMEA system user’s home directory has the following contents:
├─ apps/│ └─ APPNAME/│ └─ public/│ ├─ index.html│ └─ ...└─ logs/ └─ APPNAME/ └─ ...For an app named “APPNAME”,
the directory apps/APPNAME/public/ is the web root
where requests to the app will be served from.
Custom web root directory
To use a directory other than public/ as an app’s web root directory,
SSH into the server as the app’s system user and
replace public/ with a symlink to the new web root directory.
The following example shows how to use the web root directory public_html/.
- SSH into the server the app’s system user.
- Rename the app’s
public/directory topublic_html/Terminal window mv apps/APPNAME/public apps/APPNAME/public_html - Symlink the app’s
public/directory topublic_html/Terminal window ln -s public_html apps/APPNAME/public - Verify the symlink is correct:
Terminal window ls -l apps/APPNAME/public# Expected output:# lrwxrwxrwx 1 root root 11 Feb 19 19:15 apps/APPNAME/public -> public_html
The app’s directory structure will now be:
├─ apps/│ └─ APPNAME/│ ├─ public -> public_html│ └─ public_html/│ ├─ index.html│ └─ ...System users with multiple apps
By default, a new system user will be created for each new app you create. Running each app under its own system user provides security isolation between the apps on a server.
If needed, you can create multiple apps under the same system user. For example, if two apps are related and one app needs to access the files of the other app, then the apps must belong to the same system user.
To create an app under an existing system user, select Use an existing system user when creating the app.
When you have multiple apps under the same system user, system user’s directory structure will be:
├─ apps/│ ├─ APP_1/│ | └─ public/│ | ├─ index.html│ | └─ ...│ └─ APP_2/│ └─ public/│ ├─ index.html│ └─ ...└─ logs/ ├─ APP_1/ | └─ ... └─ APP_2/ └─ ...