?
Solved

adding a user

Posted on 2004-04-13
10
Medium Priority
?
300 Views
Last Modified: 2013-12-15
I am running a linux based server and want to add a user.

I want this user to only access a directory /var/www/consoles I dont want him to browse any of the other directories on the server.

I want him only to have ftp, I dont want him having any ssh access

What is the easiest way to do this? And I need full commands.

I need this urgently.
0
Comment
Question by:ccrilly
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
10 Comments
 
LVL 10

Expert Comment

by:Mercantilum
ID: 10820393
1. create user

user useradd with -s and -d

   user -d /var/www/consoles -s rbash username

the user will be "chrooted" in its home directory, e.g. /var/www/consoles.
Ensure access rights are set...
  man useradd
for more info.

2.  ftp
once the user is chrooted, you dont have to worry much about what he cannot do (almost nothing),
so you have to create a .bashrc  (or other)  setting the PATH to be a directory where you put what he can use,
ensure the .bashrc and home dir have correct access rights! (not to modify it)
e.g.
  PATH=/var/www/hisbin
contains a link to  /usr/bin/ftp
  ( cd /var/www/hisbin ; ln -s /usr/bin/ftp )

Let me know if you need more help.

Regards
0
 
LVL 10

Expert Comment

by:Mercantilum
ID: 10820503
Ooops the useradd line should be:

   useradd -d /var/www/consoles -s /usr/bin/rbash username

If rbash does not exist, go to /usr/bin and do
   ln  bash  rbash
0
 

Author Comment

by:ccrilly
ID: 10820663
I tried your solution and it is not working.
Im running redHat release 7.3
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 
LVL 10

Expert Comment

by:Mercantilum
ID: 10820700
What is not working ?
What do you get ?
It works on mine.
- pb with useradd ?
- pb with rbash ?
0
 

Author Comment

by:ccrilly
ID: 10820848
You lost me here:

2.  ftp
once the user is chrooted, you dont have to worry much about what he cannot do (almost nothing),
so you have to create a .bashrc  (or other)  setting the PATH to be a directory where you put what he can use,
ensure the .bashrc and home dir have correct access rights! (not to modify it)
e.g.
  PATH=/var/www/hisbin
contains a link to  /usr/bin/ftp
  ( cd /var/www/hisbin ; ln -s /usr/bin/ftp )
0
 
LVL 10

Accepted Solution

by:
Mercantilum earned 1000 total points
ID: 10820905
--- Ok, if you did the 1. part well, do

    su - newuser

as the new user this should be not working anymore ...

    cd /

do control-d to exit the new user restricted shell.


--- Regarding the 2nd part, ftp.

Edit the user home .bashrc file

    cd /var/www/consoles
    vi  .bashrc

Ensure the path of the user is restricted to what tou authorize only. So add a line like:

PATH=/var/www/hisbin

Save. now you have to create the directory hisbin, and create links to programs you want him to be able to use

   cd /var/www
   mkdir hisbin
   cd hisbin
   ln -s /usr/bin/ftp

Try again now

    su - newuser

Try to enter as the new user

    ftp

it should work, now try

   ssh

it should *not* work.


--- if you still have problem please provide the output of [newuser being your newuser login]
    grep  newuser  /etc/passwd
    ls -l  /var/www
    ls -l  /var/www/hisbin
    cat  /var/www/consoles/.bashrc
0
 
LVL 9

Assisted Solution

by:Alf666
Alf666 earned 1000 total points
ID: 10822406
Hem... This is much too complicated.

Just create the user without a shell (/dev/null), and install a really secure ftp server (vsftpd) :

http://vsftpd.beasts.org/

As he has no shell, he will not be able to connect. And the only application you need for him is ftp, so restrict him under the proper software.

0
 
LVL 10

Expert Comment

by:Mercantilum
ID: 10823457
1 - Well, do you want an actual user able to login with no access to ssh but access to ftp, from your server
2 - or do you need a ftp account, accessible from outside through ftp? (but not ssh)

The solution proposed in my first answer for the 1st case.


If it is the 2nd case, and you install the vsftpd, ensure you have (at least) the following lines in your vsftpd.conf:

a) ensure this line is yes: [this is for users not to be able to go out of their home dir]

chroot_local_user=YES

b) ensure the following lines are present

userlist_enable=YES
userlist_file=/etc/vsftpd.auth     <== here put the path to list of users able to access ftp in the file vsftpd.auth
userlist_deny=NO

c) put in your /etc/vsftpd.auth (/etc or elsewhere) the list of users able to do ftp on your server, like (newuser is the name of your user)
newuser

Ensure you create the user in this case as

   useradd -d /var/www/consoles -s /bin/false  newuser

/bin/false is for no login (ssh), commonly used on linux to prevent login.

Please ask if you need more help, as it is exactly the setup I have on my server :)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Fine Tune your automatic Updates for Ubuntu / Debian
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month8 days, 3 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question