Solved

adding a user

Posted on 2004-04-13
10
298 Views
Last Modified: 2013-12-15
I am running a linux based server and want to add a user.

I want this user to only access a directory /var/www/consoles I dont want him to browse any of the other directories on the server.

I want him only to have ftp, I dont want him having any ssh access

What is the easiest way to do this? And I need full commands.

I need this urgently.
0
Comment
Question by:ccrilly
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
10 Comments
 
LVL 10

Expert Comment

by:Mercantilum
ID: 10820393
1. create user

user useradd with -s and -d

   user -d /var/www/consoles -s rbash username

the user will be "chrooted" in its home directory, e.g. /var/www/consoles.
Ensure access rights are set...
  man useradd
for more info.

2.  ftp
once the user is chrooted, you dont have to worry much about what he cannot do (almost nothing),
so you have to create a .bashrc  (or other)  setting the PATH to be a directory where you put what he can use,
ensure the .bashrc and home dir have correct access rights! (not to modify it)
e.g.
  PATH=/var/www/hisbin
contains a link to  /usr/bin/ftp
  ( cd /var/www/hisbin ; ln -s /usr/bin/ftp )

Let me know if you need more help.

Regards
0
 
LVL 10

Expert Comment

by:Mercantilum
ID: 10820503
Ooops the useradd line should be:

   useradd -d /var/www/consoles -s /usr/bin/rbash username

If rbash does not exist, go to /usr/bin and do
   ln  bash  rbash
0
 

Author Comment

by:ccrilly
ID: 10820663
I tried your solution and it is not working.
Im running redHat release 7.3
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 10

Expert Comment

by:Mercantilum
ID: 10820700
What is not working ?
What do you get ?
It works on mine.
- pb with useradd ?
- pb with rbash ?
0
 

Author Comment

by:ccrilly
ID: 10820848
You lost me here:

2.  ftp
once the user is chrooted, you dont have to worry much about what he cannot do (almost nothing),
so you have to create a .bashrc  (or other)  setting the PATH to be a directory where you put what he can use,
ensure the .bashrc and home dir have correct access rights! (not to modify it)
e.g.
  PATH=/var/www/hisbin
contains a link to  /usr/bin/ftp
  ( cd /var/www/hisbin ; ln -s /usr/bin/ftp )
0
 
LVL 10

Accepted Solution

by:
Mercantilum earned 250 total points
ID: 10820905
--- Ok, if you did the 1. part well, do

    su - newuser

as the new user this should be not working anymore ...

    cd /

do control-d to exit the new user restricted shell.


--- Regarding the 2nd part, ftp.

Edit the user home .bashrc file

    cd /var/www/consoles
    vi  .bashrc

Ensure the path of the user is restricted to what tou authorize only. So add a line like:

PATH=/var/www/hisbin

Save. now you have to create the directory hisbin, and create links to programs you want him to be able to use

   cd /var/www
   mkdir hisbin
   cd hisbin
   ln -s /usr/bin/ftp

Try again now

    su - newuser

Try to enter as the new user

    ftp

it should work, now try

   ssh

it should *not* work.


--- if you still have problem please provide the output of [newuser being your newuser login]
    grep  newuser  /etc/passwd
    ls -l  /var/www
    ls -l  /var/www/hisbin
    cat  /var/www/consoles/.bashrc
0
 
LVL 9

Assisted Solution

by:Alf666
Alf666 earned 250 total points
ID: 10822406
Hem... This is much too complicated.

Just create the user without a shell (/dev/null), and install a really secure ftp server (vsftpd) :

http://vsftpd.beasts.org/

As he has no shell, he will not be able to connect. And the only application you need for him is ftp, so restrict him under the proper software.

0
 
LVL 10

Expert Comment

by:Mercantilum
ID: 10823457
1 - Well, do you want an actual user able to login with no access to ssh but access to ftp, from your server
2 - or do you need a ftp account, accessible from outside through ftp? (but not ssh)

The solution proposed in my first answer for the 1st case.


If it is the 2nd case, and you install the vsftpd, ensure you have (at least) the following lines in your vsftpd.conf:

a) ensure this line is yes: [this is for users not to be able to go out of their home dir]

chroot_local_user=YES

b) ensure the following lines are present

userlist_enable=YES
userlist_file=/etc/vsftpd.auth     <== here put the path to list of users able to access ftp in the file vsftpd.auth
userlist_deny=NO

c) put in your /etc/vsftpd.auth (/etc or elsewhere) the list of users able to do ftp on your server, like (newuser is the name of your user)
newuser

Ensure you create the user in this case as

   useradd -d /var/www/consoles -s /bin/false  newuser

/bin/false is for no login (ssh), commonly used on linux to prevent login.

Please ask if you need more help, as it is exactly the setup I have on my server :)
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question