Here's the beginning of the issue: I'm running Fedora 12 with httpd and sshd. I want to create a user with a scponly shell for sftp access, but this user should ONLY be able to view /the/http/base/dir and its subdirectories. The user should not be able to see or get into directories above the httpd base. Someone mentioned creating a chroot jail for sshd and binding the httpd base to that dir, but this seems like more work than is necessary for the application I wish. Also mentioned was creating a user, say user1 with a selinux user setting of staff_r. I have read the articles and creating a user of staff_r isn't overly difficult, but how would I make it where staff_r would be restricted to where I want them to be? If I'm not mistaken, that would require changing the context of /the/httpd/base/dir?
I have created my own custom ubuntu distro using the alternate installation cd and doing a command line install. I'm using ubuntu 10.04 as my base and am also using thunar as my file browser and am trying to create a secure desktop environment and to do that I'd like to restrict thunar to a certain partition. Is it possible to do that?
I would like to allow a user to login through SSH but with different permission coming from different ipaddress.
For example, a user "tester" login to SSH through 192.168.1.1 and another user login with the same login id "tester" but from different ip 192.168.1.2.
How do I restrict 192.168.1.2 to only allow for viewing the content in the home directory while giving 192.168.1.1 full access?
I would like to allow a user to login through SSH but with differentpermission coming from different ipaddress.For example, a user "tester" login to SSH through 192.168.1.1 andanother user login with the same login id "tester" but from differentip 192.168.1.2.How do I restrict 192.168.1.2 to only allow for viewing the content inthe home directory while giving 192.168.1.1 full access?I got a suggestion from some oneApproach 1) Based on the ip you change the shell. If it's just for read only ajail would be fine.but how do I change shell based on IP?Approach 2) to have two ssh instances. Let's say port 22 and port 24. Port 22 isfor read only, while port 24 is for full accessso how can it be possible to give port 22 only read only access to SSH
I heard we can set security in /etc/hosts.allow and /etc/hosts.deny on user base also like something user@domain or something if so how can I restrict a user to access particular service by his/her user name in a particular host via /etc/hosts.allow or /etc/hosts.deny
2 of us have been googling all morning trying to find out how we can restrict ftp logins to their own home directories only but nothing we've found so far has worked. We've tweaked sshd_config so that they default to their home directory but they are able to navigate up/across/down to everything. This is a "straight-out-of-the-box" debian 5.0.5 Netinst. Just a basic system with Apache/MySql/PHP/SSH and no desktop.
i heard that if pam is denying the user and ftp is allowing the user the user can get the access it means that ftp conf file is stronger than host.deny
created a user but i forgot to change the home directory permission.so after user created when i go to the user and group mangement i cant see that permission filed related to the home permission directory.my purpose is to stop accessing other user to my home directory,how it can be possible??
I've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?
I had a student, and she has done some work on her account on my lab computer, but has left the country and is un-contactable.
I have full administrator privileges for this machine, and it is running Ubuntu LTS 10.04
She has a folder which was copied from a windows formatted external hard drive (Probably NTFS) onto her home partition on my machine.
I can open all of her files, except for those in this folder.
As I see it the problem is either something to do with the permissions of the files (coming from NTFS), or some kind of Ubuntu security that I am unaware of?
I'm working in Ubuntu 9.04 Desktop with Apache installed. I have a directory /var/www/test:drwxrwxr-x 5 root www-data 4096 2010-01-04 13:51 test And I've added myself as a member of the group www-data. Problem though is when i go into /var/www/test I still can't do anything, whether it's creating a new file or directory or editing files there. The files within the directory are also 775 and setup under group www-data.
I am currently in a project to set up an LTSP server with 10 thin clients. I am using Ubuntu 9.10 (Karmic).
Installing server and booting clients are working fine. Now, according to the need, I have to restrict user session numbers and allow resuming previous user session.
I have achieved to do the first one, but still could not able to setup the second one. As per requirement, if some thin can have power failure, the same session should be restored back. I am confused here, if I need to focus on saving xsessions or saving gnome sessions. I am looking for a concrete solution as I am running out of time.
As example, I have directory in /root called as "shared". i already shared this directory using NFS. i want to limit this directory size into 20 GB(20*1024*1024).That means "shared" directory reserved 20 GB disk space from the HDD.how can i solve this problem
I've looked around and haven't been able to really understand how to do this yet.How can I set up a SSH user to access a single folder (and it's subfolders) on my system.I want to give my brother access to a folder under /media/Data/FilesBut I don't want him to access any other part of my system.I've set up a user (using useradd and gave him a password but no home directory).I want to have him use SSH to log in to my machine, start in the /media/Data/Files directory, and not be able to get out of that directory - but add/change/delete/etc any of the files.
I am running RHEL release 4 (Nahant Update 6). I currently have a fax server that has been encountering issues recently after hours. My boss would like our helpdesk to monitor the status of these modems throughout their shift. This has led to a request for a helpdesk account to be created on our linux box that only has access to a few commands. Is there a way to limit the new user to only have access to the following commands?
cd less cat
Additionally I would like to create a script for them to run that would chmod our modems when necessary since their permissions reset after a power cycle. BUT not give them access to the chmod command, just chmod through that script for those specific devices.
I am trying to download site using wget :$sudo wget -r -Nc -mk [URL] but it is downloading the contents of all directories and subdirectories under the domain :[URL] (ignoring the 'codejam' directory) so it is downloading from links like : [URL]... i want to restrict the download so that wget command should download only the things under 'codejam' directory
During set-up of a home server (running Kubuntu 10.04), I created an admin user for performing administrative tasks that may require an unmounted home. This user has a home directory on the root partition of the box. The machine has an internet-facing SSH server, and I have restricted the set of users that can connect via SSH, but I would like to restrict it further by making admin only accessible from my laptop (or perhaps only from the local 192.168.1.0/24 range). I currently have only an
I want to restrict to send mail for particular allowed users of UNIX user. How can I achieve that? Which file I need to configure to allow users to send mail?
I've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the destkop, anything under preferences, administration etc... Is this possible?
