VanDyke Software

Configuring the VShell® User Database for Windows

Introduction

VShell allows you to define users in an internal database specific to the VShell server. This virtually eliminates the need to create Windows users when their accounts will only be used in conjunction with VShell. In addition, using an internal database can greatly simplify future migrations since VShell will automatically include all the internal database user accounts when you move its configuration to a new server.

When the internal database is enabled, VShell uses a single Windows system user to obtain a security token and determine file system access for users. All VShell database users are treated as the system user when interacting with the file system.

In VShell versions 3.5 to 3.9, internal database users are only allowed access to VShell file transfer services.

In VShell versions 4.0 and later, internal database users may also take advantage of shell, remote execution, port forwarding, and remote port forwarding features (if the user is given permissions to do so).

The GUI will vary slightly depending on which version of VShell is installed. This VShell tip provides examples using VShell version 4.2.5.

Configuring the User Database

To begin configuring the user database, go to the Advanced category in the VShell Control Panel and select the Enable user database option. This option activates the User Database category in the Control Panel and allows the administrator to specify the system user information. Enter the System username and Password of the Windows system user that will be used by the database. The system user can be a local machine user or a domain user.

To create the database, click Create Database in the User Database File dialog, confirm the path and filename of the database file, and then click OK.

Be sure to verify that the internal database system user account you specify has NTFS file system level permissions for the folders and files that you intend to allow internal database accounts to access. This is done outside of VShell, as permissions on the file system must be set using Windows operating system tools.

VShell Control Panel - Enable user database option

Creating VShell Database Users

The next step is to create the VShell database users. Select the User Database category in the VShell Control Panel and click on the Add... button.

VShell Control Panel - Add User

Enter the username, optional full name, and password for each user. The Full Name field is useful for adding administrative notes relating to that particular user.

Click OK and then click Apply on the VShell User Database page.

If the user will have shell access, specify the desired home directory in the Command shell home directory field. Click on the "..." button to browse to an existing directory. The variable %USER% is the only valid environment variable that can be used. If the Command shell home directory option is empty, the user database's system user environment will dictate the home directory when the user connects with a shell client.

All user information can be edited at any time. Deleting a user from the database immediately disables all access for that user.

Defining VShell user database accounts

Configuring User Access to VShell

After adding users, the next step is to grant them access to the server. Select the Access Control category in the VShell Control Panel, click on the Add Database User/Group... button, select any user, and then press OK. Next, enable or deny the appropriate permissions for the user. Click on the Logon checkbox to enable the user to access the VShell server. The user can then be allowed access to one or more of the permissions, which include Shell, Remote Execution, SFTP, SCP, Port Forwarding, Remote Port Forwarding, and FTPS (if you are running the VShell with FTPS edition).

Configure access permissions

Virtual root directories should be configured for the VShell database users. Go to the Virtual Roots category in the VShell Control Panel.

Specify the folder that will be used as the virtual root, and give it a name (called an Alias). Then, select the Add Database User/Group... button to connect users to the virtual root.

Define a virtual root directory for database users

It is also possible to add, edit, and delete users from the database using the VShellConfig command-line utility. This utility allows remote configuration of the user database, access control, and the virtual root settings. Please see the VShellConfig topic in the VShell Help for more information.

Changing the VShell User Database System User

The system user for the VShell User Database can be changed easily.

First, use the appropriate Windows OS tools to verify that the new system user account has NTFS file system level permissions for the folders and files being accessed by internal database users.

Then, go back to the Advanced category of the VShell Control Panel, substitute the new System username and Password, then click the Apply button. VShell will immediately begin to impersonate the new system account for new connections that are made to VShell by an internal database user.

Changing the system user for the VShell user database
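The NTFS verification called for when enabling the user database and again when changing the system user, as an added PowerShell example that is not part of the original tip or VanDyke's tooling: it lists the ACEs that apply to the system user on each folder and flags entries that would let the shared identity rewrite permissions. The account name, the folder paths, and the list of broad groups the account is assumed to belong to are hypothetical placeholders.

```powershell
# Added example, not VanDyke code. $SystemUser and $Roots are hypothetical
# placeholders for the account and folders configured on your server.
param(
    [string]   $SystemUser = 'CONTOSO\svc-vshelldb',
    [string[]] $Roots      = @('D:\VShellRoots\incoming', 'D:\VShellRoots\outgoing')
)

# Every database user reaches the file system as $SystemUser, so ACEs for that
# account, and for broad groups it normally belongs to (an assumption), define
# what all database users can touch.
$Identities = @($SystemUser, 'Everyone', 'BUILTIN\Users',
                'NT AUTHORITY\Authenticated Users')

# Bits that allow rewriting the ACL itself; FullControl includes both.
$AclControl = [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
              [System.Security.AccessControl.FileSystemRights]::TakeOwnership
$GenericAll = 0x10000000   # Get-Acl can report a raw GENERIC_ALL ACE as 268435456

$report = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Missing folder: $root"
        continue
    }
    foreach ($ace in (Get-Acl -LiteralPath $root).Access) {
        if ($Identities -notcontains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        [pscustomobject]@{
            Folder    = $root
            Identity  = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            TooBroad  = ($ace.AccessControlType -eq 'Allow') -and
                        ((($rights -band [int]$AclControl) -ne 0) -or
                         (($rights -band $GenericAll) -ne 0))
        }
    }
}

$report | Format-Table -AutoSize

# An existing folder with no entry for any listed identity is one the system
# user probably cannot reach, or reaches only through a group not listed here.
$Roots | Where-Object { (Test-Path -LiteralPath $_) -and ($_ -notin $report.Folder) } |
    ForEach-Object { Write-Warning "No matching ACE on $_" }
```

Run it with the candidate account name before substituting a new system user, and compare the output against the folders used as virtual roots and home directories.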

Conclusion

The VShell user database is a helpful feature that makes it easier to create and maintain user accounts when those accounts will only be used with VShell and not to log into the system directly. The internal database can also streamline migrations of VShell to a different server, since VShell will automatically include all the internal database user accounts when you move its configuration.
