Ubuntu Servers :: SSH Chroot On A Per-User-Basis?
Mar 23, 2010
I'm attempting to give a few buddies encrypted storage space through SFTP using TrueCrypt. I have it worked out to the point where the TrueCrypt volume is automatically mounted when the user logs on, and dismounted when they log off. I would like to restrict each person to their individual home folders. This way, I can control exactly how much space each user is able to use (through the size of the TrueCrypt volume), while maintaining security through the network due to using SFTP.
I've been looking around, and the only thing I can see is restricting a large group of users to a single directory. This won't work; I need each person to be locked down to their personal home directory. My end goal is to have these volumes "mountable" in Windows through the use of Windows network drives (on a wide network, not through Samba on local), or by using ExpanDrive or a similar program. How can I lock these users to their respective home folders?
Jul 12, 2011
Recently we decided to make our own panel (like Plesk or cPanel) but for Ubuntu, and it will be licenced under the GPL (like any other professional software). We want to make a panel that fits not only our needs but also the needs of other system administrators and domain owners. We researched other panels and found out that none of them has security/look/ease of use in one package. Bad coding is another problem found in other panels. I made a short overview of what I think we have to have in the beginning.
I Security :
1. Completely chroot environment where every single service is in chroot mode (bind, mysql, postfix, ....)
2. Easily managed iptables through web-based interface.
3. Coding rules have to be strict.
II Software selection :
1. MTA - Postfix
2. POP - dovecot
[code]....
May 23, 2010
I'm wondering if it's possible to control what applications are available to certain users on a per user basis.
My motivation:
I have separate logins for audio production and general admin. Under Applications > Sound & Video I have tonnes of audio apps, but as I never use these under my general admin account, there's little reason to list all of them.
How is the applications menu configured? I'm wondering because I'd like to create some custom sections.
Mar 25, 2011
I've decided to move this question into a new thread since I haven't received an answer for 3 days. This question was originally posted here: [URL]... I've already searched on Google, however I wasn't able to find an answer that solves my problem... How can I change the umask on a per-user basis so that each user can have its own umask to fit his needs? For example: I have four accounts on my system, ex.
admin1 : admin,
admin2 : admin,
manager : stuff,
user : user,
-So now I want everything from the admin group to be by default set to 002 (so that every user that is in the admins group can have a full share (-rwx rwx r--) of everything that is created by the admins).
-Then, similar to the above, managers should have a 022 umask.
-And each of the regular users should have 002 or 022 or 077; it is up to the user's choice.
I hope that I have provided enough info through the example.
Mar 30, 2010
Is it considered standard practice to change the user password on a regular basis, and if so, how often?
Mar 27, 2010
I have a 9.04 machine that is used by the family with two accounts set up. One is mine with sudoer privileges and I prefer fluxbox. The other account is for everyone else and the rest of the family prefers GNOME. Is there a way to set the default DE/window manager for each user so that each user simply has to log in and be in their preferred environment?
May 23, 2011
Slackware: 13.0
After having some problems with iptables not picking up automatically (without restart) the transition from winter time to summer time, and on advice from the iptables/netfilter mailing list, I've decided recently to go down the Unix way and set my hardware clock time to UTC/GMT instead of local time. I am, however, having some difficulty reconfiguring my entire machine to cope with this change.
1. I've used /usr/sbin/timeconfig - which took care of the system-wide timezone. After that, if I open a terminal, do "su root" - and then check the date - it looks good. It doesn't affect the logged-in (non-root) user, though. Running "date" in a bash window for the logged-in (non-root) user returns the wrong time (UTC) instead of local time.
2. I've added an export statement in ~/.bashrc, to set the timezone for the user account I use. That fixes the time for the logged in user, but only in the terminal. The time in fluxbox/X is still the UTC time.
Where is XOrg taking its timezone for the logged-in user? Do I amend/add to XOrg.conf? At the moment there is nothing about time zone in Xorg.conf (it only contains a few tweaked settings I've added to it - as I believe most of the rest is autoconfigured). I've searched - but couldn't find how Slackware configures timezones for individual users - aside from the timeconfig utility used during setup.
Jun 28, 2010
I installed SSH-keygen dependencies for a /chroot user.
I can now execute ssh-keygen from the /chroot user BUT I receive a message that the PRNG is not seeded.
When I do it from any of the users that are not /chroot users, it works fine.
Mar 26, 2009
How to configure details of Samba with commands, not from the GUI?
Oct 22, 2010
Is there a way where I can chroot their user home directory? Let's say the user logs in on the Linux box at /home/user; what I wanted to do is to chroot /home/user so the user won't be able to browse the filesystem, which is /. Thanks
Mar 24, 2010
It's been over two days since my search started, but I didn't find an answer anywhere. I need to call chroot as a normal user, but to my surprise it can only be called by the superuser with CAP_SYS_CHROOT capabilities. I am not sure how to add this capability to my user.
May 31, 2011
I am having an issue with a Chrooted SFTP User not being able to write files.
The permissions are set up correctly, as if I remove the Chroot the user can write files correctly.
The user has a transfer folder which they should be able to write files to and read from. This works correctly until I apply the snippet from the sshd_config file below; then the user can only read files. I have tried tweaking the permissions but this doesn't seem to have helped at all. [code]...
Jun 22, 2011
I've configured vsftpd chroot mode as follows:
Code:
Aug 13, 2010
I'm wanting to set up SFTP in a chroot, which is simple enough to do and I already have it working; however I also want it so that when they connect via SFTP it goes directly to their home directory. Currently I have the following in "/etc/ssh/sshd_config":
Code:
Subsystem sftp internal-sftp
Match Group sftp-users
ChrootDirectory /home
AllowTCPForwarding no
ForceCommand internal-sftp
Which works perfectly fine; however, when they connect they are shown the contents of the "/home" directory, and they then have to "cd username" to get to their home directory. This I do not like, and it confuses our clients who connect, saying they can see "random folders that aren't mine", or some that think they've "hacked" the server. I really need it so that upon connection they go to the "username" directory. I can do this by using:
Code:
usermod -d /username username
Which changes the user's home directory to "/username", and then upon connection it works just fine; they are taken directly to their home directory. However, I really really do not like the fact that "/etc/passwd" shows a different home directory to their real home directory, i.e. it states "/username" when actually it is "/home/username". I've spent the entire day looking at different ways of doing it, and I can't come up with anything.
Jul 14, 2010
I've been searching the web, without finding any solution to my problem. vsFTPd is acting really weird. I've never seen this problem before, and I've been using vsftpd for some years now. Well... The thing is, I've made a user that chroots to the folder /var/www on my server. And when I then try to chmod the file /var/www/htdocs/testsite/index.html through my FTP client, I only get the error "550 SITE CHMOD command failed.", and when I then check in my /var/log/vsftpd.log it says
Code:
FAIL CHMOD: Client "192.168.50.58", "/htdocs/testsite/index.html 777"
Which I think would mean that it tries to chmod the file "/htdocs/testsite/index.html" instead of chmod the
[code]....
May 21, 2010
I have an SFTP server using OpenSSH on a server running Fedora 12. I want to chroot my sftponly users into their home directory but I want to let them have write access to their upload/ folder. Right now users can log in and view & download items, but for some reason I can't get write access to work. Here's some info:
username: testuser
group: sftponly
from /etc/passwd:
testuser:x:501:501::/home/testuser/:/bin/false
[code]...
Oct 29, 2010
I'm trying to limit the disk space users on the system may consume, and I found quotas (I'm a total Linux noob). But when I try to set it, no matter what I set it to, the maximum is 2 GB. Now... I need quite a lot more than that. One user should be able to use 1900 GB and the other 600 GB. How can I fix this? I'm using Ubuntu Server 10.04.
Aug 16, 2010
I know many apps have their own independent volume controls, but not all do. Is there any way to control this in a similar manner as Windows 7?
Jun 30, 2010
I am currently in a project to set up an LTSP server with 10 thin clients. I am using Ubuntu 9.10 (Karmic).
Installing server and booting clients are working fine. Now, according to the need, I have to restrict user session numbers and allow resuming previous user session.
I have managed to do the first one, but still have not been able to set up the second one. As per the requirement, if some thin client has a power failure, the same session should be restored. I am confused here as to whether I need to focus on saving xsessions or saving GNOME sessions. I am looking for a concrete solution as I am running out of time.
May 19, 2011
Inside my Linux I am using VirtualBox to launch Windows XP. I have one shared folder between the operating systems so as to share my files. As I cannot trust VirtualBox and Windows XP... can you suggest an easy way to take daily backups of one of the folders I have inside that shared folder? The files are mostly HTML files so the file size is not so much of a problem (at least I think!). How can I take daily backups so as to not lose something?
Aug 14, 2010
I am currently doing RHCE. I want to make projects on basis of this.
Jan 26, 2011
I currently use two laptops: a MacBook which dual boots OS X and Ubuntu 10.10 and a Dell Latitude which dual boots Vista and Fedora 14 64-bit. I would like to know if it is possible to back up the hard drive as a whole rather than on a per-OS basis. If this is possible, a Linux program for doing such would be the preferred method as it is common to both machines.
I am open to anything that effectively and reliably backs up both machines' respective disks in such a manner which allows for practical restoration. This does not have to be done from one OS, though this is my preference.
Jul 15, 2011
We are a small company running half a dozen servers in a data center. Recently we got charged heavily for over-utilizing the data transfer. So, we are looking for a way to find uploads and downloads on a per-IP and per-port basis. We have a mixed environment (Win2008/Ubuntu) so the tool should be able to work for both. I am not sure if MRTG provides per-port (i.e. application) based analysis.
May 25, 2010
What command would I use to clear DNS and cache on an hourly basis?
Jul 11, 2011
Is there a way in Linux to give a specific application more/less priority for network bandwidth? Something like how nice does for CPU priority.
Context: I'm currently on a very low bandwidth connection (3G dongle). While I'm performing a quite large upgrade using aptitude, it becomes virtually impossible to browse the web since the upgrade download is hogging my Internet connection.
So what I would like to do is somehow decrease the network bandwidth priority of the aptitude process (and all its children) so that it won't use too much bandwidth while another process is using it.
Jul 27, 2010
Is there some way of getting a plane wave basis set on GAMESS or Gaussian? If not, suggest a software with this facility.
Oct 26, 2010
I need to process a log file on an hourly basis but the log only rotates once a day. Basically, I am trying to get the difference between the previous file and the current file based on datetime, i.e. the new file's datetime events > previous file's datetime events. The first field in the files is datetime.
Code:
2010-10-27 01:57:32,aaa.bbb.ccc.ddd,host1
2010-10-27 01:57:32,aaa.bbb.ccc.ddd,host2
[code]...
Dec 9, 2009
I have an odd problem - that I'm having difficulty tracking down the cause!
Since upgrading F12 I have had varying levels of success booting in. Let me explain.
1. Boot
2. Plymouth graphic progresses
3. Freezes at GDM/login screen - Mouse freezes and Keyboard lights flash
4. Hard Reset with pushed in power button
5. Repeat with different kernel - usually the same result (the only exception appears to be 2.6.31.5-127.fc12.i686 kernel - this appears to have a better boot success than the other kernels listed)
In particular the .PAE kernels do not boot AT ALL ( this includes the 6-145 and 6-162 kernels). However the .PAE kernels did work on F11!
ABRT does seem to capture the following kerneloops (url very frequently (yes I do return them to kerneloops)
BUT on reviewing the /var/log/messages file, they don't appear to coincide with these boot failure times!
Aug 24, 2010
I am using Red Hat 5.3. I configured the access list well using IP addresses, but my customer wants the access list on a MAC address basis.
Apr 23, 2010
I am new to shell scripting and to this forum as well. I did try to search for a similar post like mine here, but could not find one.
Here is what I'm trying to do:
I am trying to grep server logs to find a specific string and then capture the time stamp and the value of that grep string in them. The log file prints out messages on a per-second basis.
My script is able to grep the server logs for the entire period of my load runs and then output it to a .csv file too.
Unfortunately this .csv file is too large to extract on my PC and to generate graphs from, as it exceeds the Excel limit. I need some help on how to read this .csv file in a shell script and then take an average on a per-minute basis before I can export it to my desktop and generate graphs for analysis. Example of the output in my .csv file: