Networking :: How To Create SSH User Without Access To Root Directory
Aug 7, 2009
I need to create an SSH user that can only access the directory I would specify for them. For example, I've been able to execute the following:
useradd -d /home/me/directory_for_this_user someuser
So when someuser logs in they get into this directory. Problem is that once they log in they can simply execute:
cd /
and navigate through all other directories which is a security risk.
How I could limit someuser's access to only /home/me/directory_for_this_user and its subdirectories and nowhere else in the system?
I have a Virtual Private Server which I can connect to using SSH with my root account, being able to execute any linux command and access all the disk area, obviously.
I would like to create another user account, which would be able to access this server using SSH too, but only to a certain directory, for example /var/www/example.com/
For example, imagine this user has a HUGE error.log file (500 MB) located in /var/www/example.com/logs/error.log
When accessing this file using FTP, this user needs to download 500 MB to view the last lines of the log, but I'd like him to be able to execute something like this:
Therefore I need him to be able to access the server using SSH, but I don't want to grant him access to all server areas.
I have an ubuntu server set up in which i would like my shared media directory to be accessable with multiple usernames / passwords because I use my admisistrator username and password for samba as well, but I do not want to give out that password to all clients in my house. And, I would like to have write permissions but keep other users to read only. Is this possible or do i need to just make one separate username / password for samba sharing?
I'm setting up Ubuntu Karmic on my sister's old computer for my nephew, he's quite young so my sister asked to install some content filtering. I'll first setup an OpenDNS account and I've installed and managed to get dansguardian and squid working on a virtual machine to try it out. so far it's working pretty well, but I need to secure it form the inside out.
I was thinking of blocking specific outbound ports so he could not bypass the proxy. because by default the firefox configuration can be easily changed. so I have a couple of questions.
1. is it possible to block outgoing ports on Ubuntu? 2. is that the best method? 3. is there anything else I should be aware of to prevent subversion?
lastly, this question is probably unrelated to this board but I've set up a cron job to update a dynamic ip with OpenDNS, the problem is that the password is in clear text in the user's crontab, can I play with permissions? is it possible to run the job under a root account and deny read/write access to a normal user?
Code: mkdir: cannot create directory `/dev/cgroup/cpu/user/5900': No such file or directory bash: /dev/cgroup/cpu/user/5900/tasks: No such file or directory bash: /dev/cgroup/cpu/user/5900/notify_on_release: No such file or directory It seems like it's probably from this part of .bashrc:
[Code]...
What does this code do, why, and what's causing it to go wrong?
I no longer have access to my root desktop. On a session I attempted to change the root username but i apparently assigned it a wrong directory that does not exist. When I rebooted with my new root username, i was instead recognised as a simple user (no root privileges). I tried the console to change to "old" root but root password is not accepted and there is no way to access to sudoer files. it seems that inserting a new username requires root privileges and i am back to square one. Simply logging with old root username and password after restart gives me a blank screen with nothing on it and cannot even reboot.
i have rhel 5.2 and i want to create user using useradd command without creating user home directory and not throwing any warning/error about not creating any home directory.i have tried useradd -u "$NEW_UID" -g <gid> -d "/home/$1" -M "$1"where $1 is user name and $NEW_UID is i am calculating.it throws error as useradd: cannot create directory /home/$1which i dont want to come , how to prevent this?
I've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?
I found that if any usual user is logged into a NDS-tree, then _local_ root has full access to user's network shares, including the user's home directory located on remote Netware-server. Is it by design or have I missed something? Nevertheless in windows local admin has no access to network resources mounted of any other user. If you runas shell (as admin) then admin in principle can't "see" network shares which were mounted (connected) by other users - they are accessible ("visible") per session.
I'm developing an application in which one user must run java software that I'm compiling as another user. I wanted to give user A permission to see the bin direcory of my workspace, which is in the home directory of user B. I was wondering how can this be done? I gave the bin direcotry full read/execute premissions, but since it's in my home directory user A can't navigate to it.
I know there are a few ways I could get around the problem but they arn't very elegant. I was wondering if there is a simple method for giving a user access to a specific directory without giving access to all the parent directories. I tried symbolic link but user A still can't access it, and a hard link to a directory isn't allowed in Linux. I don't feel like making a hard link to every single file in the bin directory, and I'm not sure that would work anyways, since every recompile overwrites them.
I have a network set up that has been working for around a year with no problems but has now developed a login problem. The system was set up with a main server with all users on it and another PC located elsewhere that people could log onto using there personal login and password that then gained access to the account on the main server. This remote PC has now got the problem. When you try to log onto an account it comes up with the message "your session has lasted less than 10 seconds. If you have not logged out yourself this could mean there is a installation problem or that you are out of disk space."
Error message says that no profile for the user can be found and it couldnt create per-user gnome configuration directory. I can log on as root onto the remote PC as it is obviously a local account but all the account on the main server are not accessible. From the root account I can see that the connection to the server is OK and I can actually log into the accounts on the server using the failsafe session so the physical network is OK.
I never built or designed this set up and to be honest I normally work with windows so its all a bit strange to me. Both PC's run Centos 5. I have checked the messages log and there doesnt seem to be any indication of a problem. Just that it stopped connecting from the remote PC. The accounts are all active on the main server itself and have no problems being accessed.
i'm using ftp server with RHEL-5.1 now i wish to an anonymous user can create and upload some file on my ftp server...for this i configure the entries in /etc/vsftpd/vsftpd.conf
anonymous_enable=YES # Uncomment this to allow local users to log in. local_enable=YES
I am getting the databases from mysql and my database name is username_something. I am getting the username and then puting the respective backups in corresponding folders like
tar bala bla /backups/sql/username/username_something.tar.sql.gz
The problem is system worrks if i have the folder username already there but for new databases if get the error like unknown file path.
How can i do that if username folder is not there it should be created
i'm using ftp server with RHEL-5.1 now i wish to an anonymous user can create and upload some file on my ftp server... for this i configure the entries in /etc/vsftpd/vsftpd.conf
anonymous_enable=YES # Uncomment this to allow local users to log in. local_enable=YES
I want to create a user who has all the privileges that root user has.I know how to create a user but i don't know how to grant root privileges to him.
I create a user in CentOS 5.5 for using with my email account.
useradd ralf passwd ralf
use "ralf user" only for my email account. How can I remove others privileges/permissions? Also, I want to use "ralf user" without root privileges/permissions.
I did a fresh fedora install and have overwritten the root user directory ( /root) with a backup of a previous install. Now I cannot log on through the login screen with the root user password. I can login su - as root on the command line with the password OK.
For a user on a Linux host, I need to make everything inaccessible besides his home directory. I have heard that this is usually done by changing the root directory for the user (and setting it to the user's home directory), however I couldn't find the way to do it.
I thought about the chroot command, but it seems it just runs the specified command, considering the specified directory as the root directory. So it seems chroot is not what i need. So my question is: what is the command which changes the user's root directory?
I am using NIS and I want to replace this with 389 ds. I have installed 389 ds and configured it. I could create user account from 389-console. But it does not create user home directory. Do I have to create user account and user home directory in linux first?
I am writing a ping kind of program for my own application. This application needs to run with non root user privileges. This needs me to create a raw socket. But the ping connection is failing because of creating raw socket with non root user.How can I run the application successfully with non root user privileges using raw socket creation?
I want to create a limited user, such that the user should only have the access to usb drives, cd drives and internet. And also I want to restrict the user from deleting the files from the system. How to do it..?
When I log on a root and attempt to issue the command Freshclam to upgrade the virus definitions it attempts or create a new file with a definition name. I get a message stating that the directory isnt writable. The user and group access rights are as follows:
USER = read, write, execute Group = read, write, execute All= read, execute.
The only way I can get around this is by applying a 777 which would be read, write and execute for all. Now, I have a group define with several user ids in it including Root.How do I connect the group with the directory/file so I dont have to apply a 777 access right to group users could issue the Freshclam command.
I have configured apache on my Centos 5.2 and it is working well. I want to have a sym link of my docs directory in /root/ in the apache root directory. I used ln -s command to create this sym link. But when I tried to access this I get the following error:
You don't have permission to access /docs on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
How can I access this directory in apache. i use apache 2.0.63.
