General :: Create An SSH User Which Can Access Only Certain Directory ?
Jun 18, 2011
I have a Virtual Private Server which I can connect to using SSH with my root account, being able to execute any linux command and access all the disk area, obviously.
I would like to create another user account, which would be able to access this server using SSH too, but only to a certain directory, for example /var/www/example.com/
For example, imagine this user has a HUGE error.log file (500 MB) located in /var/www/example.com/logs/error.log
When accessing this file using FTP, this user needs to download 500 MB to view the last lines of the log, but I'd like him to be able to execute something like this:
Therefore I need him to be able to access the server using SSH, but I don't want to grant him access to all server areas.
I need to create an SSH user that can only access the directory I would specify for them. For example, I've been able to execute the following: useradd -d /home/me/directory_for_this_user someuser
So when someuser logs in they get into this directory. Problem is that once they log in they can simply execute: cd / and navigate through all other directories which is a security risk.
How I could limit someuser's access to only /home/me/directory_for_this_user and its subdirectories and nowhere else in the system?
I'm developing an application in which one user must run java software that I'm compiling as another user. I wanted to give user A permission to see the bin direcory of my workspace, which is in the home directory of user B. I was wondering how can this be done? I gave the bin direcotry full read/execute premissions, but since it's in my home directory user A can't navigate to it.
I know there are a few ways I could get around the problem but they arn't very elegant. I was wondering if there is a simple method for giving a user access to a specific directory without giving access to all the parent directories. I tried symbolic link but user A still can't access it, and a hard link to a directory isn't allowed in Linux. I don't feel like making a hard link to every single file in the bin directory, and I'm not sure that would work anyways, since every recompile overwrites them.
Code: mkdir: cannot create directory `/dev/cgroup/cpu/user/5900': No such file or directory bash: /dev/cgroup/cpu/user/5900/tasks: No such file or directory bash: /dev/cgroup/cpu/user/5900/notify_on_release: No such file or directory It seems like it's probably from this part of .bashrc:
[Code]...
What does this code do, why, and what's causing it to go wrong?
I configured FTP server on Fedora 7.0 . I create different users with different password. I also create seprate directory for each FTP user. All are working . When I use filezilla for connecting that FTP site I can access all the directory on that server.
Now I want to configure that no any FTP user can access other FTP users directory or any other directory in server machine . What I do for this .
I need to give a user write access to /var/www and its subdirectories. The current directory permissions are as follows:rwx r-x r-x root root
I added the user to the root group but that didn't seem to help.I read I could chmod -R to change the access to write for the www directory and subdirectories but I don't want to change things and mess up the website. How can I give the user access to write to the www directory and subdirectories without messing anything up? Would changing the www directory group owner to his group cause an issue anywhere?
i have rhel 5.2 and i want to create user using useradd command without creating user home directory and not throwing any warning/error about not creating any home directory.i have tried useradd -u "$NEW_UID" -g <gid> -d "/home/$1" -M "$1"where $1 is user name and $NEW_UID is i am calculating.it throws error as useradd: cannot create directory /home/$1which i dont want to come , how to prevent this?
I've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?
I have a network set up that has been working for around a year with no problems but has now developed a login problem. The system was set up with a main server with all users on it and another PC located elsewhere that people could log onto using there personal login and password that then gained access to the account on the main server. This remote PC has now got the problem. When you try to log onto an account it comes up with the message "your session has lasted less than 10 seconds. If you have not logged out yourself this could mean there is a installation problem or that you are out of disk space."
Error message says that no profile for the user can be found and it couldnt create per-user gnome configuration directory. I can log on as root onto the remote PC as it is obviously a local account but all the account on the main server are not accessible. From the root account I can see that the connection to the server is OK and I can actually log into the accounts on the server using the failsafe session so the physical network is OK.
I never built or designed this set up and to be honest I normally work with windows so its all a bit strange to me. Both PC's run Centos 5. I have checked the messages log and there doesnt seem to be any indication of a problem. Just that it stopped connecting from the remote PC. The accounts are all active on the main server itself and have no problems being accessed.
i'm using ftp server with RHEL-5.1 now i wish to an anonymous user can create and upload some file on my ftp server...for this i configure the entries in /etc/vsftpd/vsftpd.conf
anonymous_enable=YES # Uncomment this to allow local users to log in. local_enable=YES
i'm using ftp server with RHEL-5.1 now i wish to an anonymous user can create and upload some file on my ftp server... for this i configure the entries in /etc/vsftpd/vsftpd.conf
anonymous_enable=YES # Uncomment this to allow local users to log in. local_enable=YES
I am using NIS and I want to replace this with 389 ds. I have installed 389 ds and configured it. I could create user account from 389-console. But it does not create user home directory. Do I have to create user account and user home directory in linux first?
I want to create a limited user, such that the user should only have the access to usb drives, cd drives and internet. And also I want to restrict the user from deleting the files from the system. How to do it..?
I'm using Ubuntu x64 10.04 edition. How can I set only one particular directory (and it's contents) to be accessible to a user while make everything else inaccessible for him? I already added the user by using adduser command.
I have a file server on my network. It is accessed mainly by linux machines throught NFS, but sometimes I need to access it from windows, and I managed to get Samba up and running with only one share with no password, which is what I want.My users have their "private" folders which are just chmodded 700, and under NFS it works fine, but on samba I get, of course, access denied.How can I configure samba so that it asks a password to access those directory? They can become separate shares, and have their own username and passwords (not the ones in /etc/passwd in the server), I don't care.
I configured a FTP Server on Fedora Now I want to create a user for FTP Server which has no privileges to access any things outside his home directory .
Username is "Test1" Home directory is /var/ftp/Test1 chmod 700 /var/ftp/Test1 chown Test1 /var/ftp/Test1
i want to allow some friends to ssh/sftp/scp into my system but i only want them to have access to my external hard drive (/media/externalHD/), and i dont want them to be able to delete or add anything, only download.i have found instructions on how to limit a user to his/her home directory and thought about just creating a user with the home directory /media/externalHD but idk if this will work and im afraid i might make a mistake and delete 800gb of 'files'
In my recent installations of Debian stable release (Jessie) with Gnome and Cinnamon respectively, I added my wife as a normal user. A home directory was created automatically for her.
In these installations, I am able to access her home directory, while, in the past, I was not allowed to access her home directory on previous Debian releases.
2 of us have been googling all morning trying to find out how we can restrict ftp logins to their own home directories only but nothing we've found so far has worked. We've tweaked sshd_config so that they default to their home directory but they are able to navigate up/across/down to everything. This is a "straight-out-of-the-box" debian 5.0.5 Netinst. Just a basic system with Apache/MySql/PHP/SSH and no desktop.
I am using Mandriva 8 as my local server, i want to configure sftp sever by which particular user can access particular directory of our local server by using ftp client, can anyone tell me how can i do it?
Well, I am facing problem when doing lab questions.
I must use DLXLinux bundled in Bochs (bochs.sourceforge.net).
I am required to use the /usr/local directory.
In /usr directory, there is no directory named 'local' but there is one thing called 'local@'. So, when I try to use mkdir command to create 'local' directory in /usr , there are error "cannot make directory.....".
Is it possible to give user only FTP access / browsing rights for certain directory within /srv/www/htdocs and prevent same user to browse all other directories, even user's /home directory on that server?
I have added a new user by following command : root# useradd -u 100 -g 120 -d /product -s /bin/bash sandesh I am not able to access it in /export/home directory..?
I'm planning to centralize users and passwords and also create controls for user access to some equipment, for example, Linux Servers, Switches, routers and firewalls. In case of failure of the link between the ACS and AD or equipment to the ACS, this device would use local username and password.
At the moment, my AD structure is a Microsoft, Cisco ACS servers and Linux Standalone. I wish that both linuxs servers and network equipment were authorized by Cisco ACS on the accounts that are in Microsoft AD.
The configuration of the Cisco ACS to use the AD is done and no problems, the network equipment is OK too, but am having difficulties configuring the server for this solution.
