Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Hello, i have created a user on my linux box, with SSH access and added him to the sudoers file, i would like him to be able to install normally but his access be limited by the files he sees.
Adding him to the sudoers file gives him full access to the system.
This user should not have full access to the whole system i just want him to be able to install some packages, if you have any idea on how to go about this, please help me out.
Walter, did you add followiing line in sudoers for that user?
<username> ALL=(ALL) ALL
It will give that user full super-user privilages. So just remove this line, and add followig line, to give right for package installation only:
Then user <username> will be able to invoke this command only with super-user privilages, like:
Enter sudo password:
Is there a way of setting that user to only install packages and not remove them...
Though the same command is used to install as well as remove packeges, so as far as I understand, if a user has add privilages then he can remove as well.
Originally Posted by eyanu
Ok guys that worked out fine, but now how do i restrict his movement, i want to confine him to his directory let's say /var/www/vhosts/domainname.com
Confine means... do you want user to access /var/www/vhosts/domainname.com only? Apparently, it can be done by setting appropriate permissions. But it will not be so useful. So simply remove user from all important groups (check user groups using "id -a <username>" command) and set only read permission on crictical files/directories and restrict "write" permission for file owner only.
OK. Let's not make it complicated, but keep it simple. My practical experience says that if you want to restrict a user from accessing your important data in Unix environment, then I am repeating, that remove user from important groups, so user cannot alter your important file/directories. I don't think that there's any need of using chroot, but on the other hand, you can use "setgid" or "sticky bit" permissions, which I have been using for years for protecting user's critical project data from non-group members and others. In your case, both "setgid" and "sticky-bit" could be magical. So why don't you once try it...