Solved

adding a user

Posted on 2004-04-13
Last Modified: 2013-12-15
I am running a Linux-based server and want to add a user.

I want this user to only access a directory /var/www/consoles. I don't want him to browse any of the other directories on the server.

I want him only to have ftp; I don't want him having any ssh access.

What is the easiest way to do this? And I need full commands.

I need this urgently.
Question by:ccrilly
10 Comments
 
LVL 10

Expert Comment

by:Mercantilum
ID: 10820393
1. create user

use useradd with -s and -d

   user -d /var/www/consoles -s rbash username

the user will be "chrooted" in its home directory, e.g. /var/www/consoles.
Ensure access rights are set...
  man useradd
for more info.

2.  ftp
once the user is chrooted, you don't have to worry much about what he cannot do (almost nothing),
so you have to create a .bashrc  (or other)  setting the PATH to be a directory where you put what he can use,
ensure the .bashrc and home dir have correct access rights! (not to modify it)
e.g.
  PATH=/var/www/hisbin
contains a link to  /usr/bin/ftp
  ( cd /var/www/hisbin ; ln -s /usr/bin/ftp )

Let me know if you need more help.

Regards
0
 
LVL 10

Expert Comment

by:Mercantilum
ID: 10820503
Ooops the useradd line should be:

   useradd -d /var/www/consoles -s /usr/bin/rbash username

If rbash does not exist, go to /usr/bin and do
   ln  bash  rbash
0
 

Author Comment

by:ccrilly
ID: 10820663
I tried your solution and it is not working.
I'm running Red Hat release 7.3
0
 
LVL 10

Expert Comment

by:Mercantilum
ID: 10820700
What is not working ?
What do you get ?
It works on mine.
- pb with useradd ?
- pb with rbash ?
0

 

Author Comment

by:ccrilly
ID: 10820848
You lost me here:

2.  ftp
once the user is chrooted, you don't have to worry much about what he cannot do (almost nothing),
so you have to create a .bashrc  (or other)  setting the PATH to be a directory where you put what he can use,
ensure the .bashrc and home dir have correct access rights! (not to modify it)
e.g.
  PATH=/var/www/hisbin
contains a link to  /usr/bin/ftp
  ( cd /var/www/hisbin ; ln -s /usr/bin/ftp )
0
 
LVL 10

Accepted Solution

by:
Mercantilum earned 250 total points
ID: 10820905
--- Ok, if you did the 1. part well, do

    su - newuser

As the new user, this should not be working anymore ...

    cd /

do control-d to exit the new user restricted shell.


--- Regarding the 2nd part, ftp.

Edit the user home .bashrc file

    cd /var/www/consoles
    vi  .bashrc

Ensure the path of the user is restricted to what you authorize only. So add a line like:

PATH=/var/www/hisbin

Save. Now you have to create the directory hisbin, and create links to programs you want him to be able to use

   cd /var/www
   mkdir hisbin
   cd hisbin
   ln -s /usr/bin/ftp

Try again now

    su - newuser

Try to enter as the new user

    ftp

it should work, now try

   ssh

it should *not* work.


--- If you still have a problem, please provide the output of [newuser being your newuser login]
    grep  newuser  /etc/passwd
    ls -l  /var/www
    ls -l  /var/www/hisbin
    cat  /var/www/consoles/.bashrc
0
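An added example, not part of the accepted answer: a shell function that audits the restricted-shell layout from the steps above (home directory, .bashrc and the single PATH directory). The function names are hypothetical, and reading "correct access rights" as "not owned by the restricted user and not group- or world-writable" is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit the rbash layout described above.
# usage: audit_restricted_home HOME_DIR USER_UID "allowed commands"
# Returns 0 when nothing is reported, 1 otherwise.

flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Assumption: "correct access rights" means the restricted user does not own
# the path and group/other cannot write it, so .bashrc cannot be replaced.
check_path() {
    [ -e "$1" ] || { flag "missing: $1"; return 0; }
    set -- "$1" $(ls -ldn "$1")   # $2 = mode string, $4 = numeric owner
    [ "$4" != "$uid" ] || flag "owned by the restricted user: $1"
    case $2 in
        ?????w*|????????w*) flag "group/world writable: $1" ;;
    esac
}

audit_restricted_home() {
    home=$1 uid=$2 allowed=$3 findings=0
    check_path "$home"
    check_path "$home/.bashrc"
    # The last PATH= line wins, as it does when bash reads the file.
    bindir=$(sed -n 's/^PATH=//p' "$home/.bashrc" 2>/dev/null | tail -n 1)
    case $bindir in
        ''|*:*|*'$'*) flag "PATH is not one fixed directory: '$bindir'" ;;
        *)
            check_path "$bindir"
            for f in "$bindir"/*; do
                [ -e "$f" ] || [ -L "$f" ] || continue
                case " $allowed " in
                    *" ${f##*/} "*) ;;
                    *) flag "command not on the allow list: ${f##*/}" ;;
                esac
            done ;;
    esac
    [ "$findings" -eq 0 ]
}

# Call for the layout in this thread (as root on the server):
#   audit_restricted_home /var/www/consoles "$(id -u newuser)" "ftp"
```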
 
LVL 9

Assisted Solution

by:Alf666
Alf666 earned 250 total points
ID: 10822406
Hem... This is much too complicated.

Just create the user without a shell (/dev/null), and install a really secure ftp server (vsftpd) :

http://vsftpd.beasts.org/

As he has no shell, he will not be able to connect. And the only application you need for him is ftp, so restrict him under the proper software.

0
 
LVL 10

Expert Comment

by:Mercantilum
ID: 10823457
1 - Well, do you want an actual user able to login with no access to ssh but access to ftp, from your server
2 - or do you need a ftp account, accessible from outside through ftp? (but not ssh)

The solution proposed in my first answer is for the 1st case.


If it is the 2nd case, and you install the vsftpd, ensure you have (at least) the following lines in your vsftpd.conf:

a) ensure this line is yes: [this is for users not to be able to go out of their home dir]

chroot_local_user=YES

b) ensure the following lines are present

userlist_enable=YES
# put here the path to the file (vsftpd.auth) listing the users able to access ftp
userlist_file=/etc/vsftpd.auth
userlist_deny=NO

c) put in your /etc/vsftpd.auth (/etc or elsewhere) the list of users able to do ftp on your server, like (newuser is the name of your user)
newuser

Ensure you create the user in this case as

   useradd -d /var/www/consoles -s /bin/false  newuser

/bin/false is for no login (ssh), commonly used on linux to prevent login.

Please ask if you need more help, as it is exactly the setup I have on my server :)
0
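An added example, not from any poster's server: a shell function that checks a vsftpd.conf, its user list and the account's passwd entry against the settings listed in the comment above. The function names and the fourth argument (expected home directory) are hypothetical, values are compared exactly as the thread spells them, and accepting /sbin/nologin next to /bin/false is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): check an FTP-only account against the
# vsftpd settings listed above.
# usage: audit_ftp_only VSFTPD_CONF PASSWD_FILE USER EXPECTED_HOME
# Returns 0 when nothing is reported, 1 otherwise.

report() { echo "FINDING: $*"; bad=1; }

# Value of the last uncommented "key=value" line (no spaces around "=").
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

audit_ftp_only() {
    conf=$1 passwd=$2 user=$3 home=$4 bad=0

    # An unset option means vsftpd's default applies. userlist_deny defaults
    # to YES, which would turn the file into a deny list, so unset is reported.
    for want in chroot_local_user=YES userlist_enable=YES userlist_deny=NO; do
        got=$(conf_get "$conf" "${want%%=*}")
        [ "$got" = "${want#*=}" ] ||
            report "${want%%=*} is '${got:-unset}', want ${want#*=}"
    done

    # With userlist_deny=NO the file is an allow list, one login name per line.
    list=$(conf_get "$conf" userlist_file)
    if [ -z "$list" ] || [ ! -r "$list" ]; then
        report "userlist_file '${list:-unset}' is not readable"
    else
        grep -qxF "$user" "$list" || report "$user is not listed in $list"
    fi

    # passwd fields: name:password:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$user" '$1 == u { print $6 " " $7 }' "$passwd")
    if [ -z "$entry" ]; then
        report "$user has no entry in $passwd"
    else
        [ "${entry% *}" = "$home" ] || report "home is ${entry% *}, want $home"
        case ${entry##* } in
            /bin/false|/sbin/nologin) ;;   # /sbin/nologin accepted as an assumption
            *) report "shell '${entry##* }' is not /bin/false or /sbin/nologin" ;;
        esac
    fi
    [ "$bad" -eq 0 ]
}

# Call for the setup in this thread (as root on the server):
#   audit_ftp_only /path/to/vsftpd.conf /etc/passwd newuser /var/www/consoles
```

If the PAM stack used by vsftpd includes pam_shells, the account's shell must also appear in /etc/shells, otherwise the FTP login itself is refused.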

Question has a verified solution.
