[SOLVED] How to create a new user that can only log in over SSH and can't do anything else?
If the given user is not supposed to use the cd and ls programs, then he/she will be limited to a single directory without the ability to see what files are available. So the question actually is: what is the user supposed to do with such a login? If it's only about launching some script once in a while or reading a specific file, then you're better off providing a web interface with a PHP or Perl script to launch a task or view a file. Then you don't have to deal with all the hassles of chroot jails and permissions.
The user is only given permission to access the server using SSH, but not FTP or any other method.
I need the user to log in and use the server as a proxy server.
So I must disallow the user from performing cd/ls commands due to the security issue ^^
In other words, you're setting up an account for the purposes of using a socket 4 proxy over an SSH tunnel, I am guessing? Presumably with the task of bypassing some firewall in some location?
If you set the user's path up so they see no locations for binary files, that will "cut out" a lot of programs, including top, free and users. However, there are still ways they can get around it, and built-in functions of the shell like ls and cd will still work, but a chroot root takes care of the problem of them being able to see other users' data. Their ability to redefine $PATH is the only thing I can't think of how to block, since if they know how to do that they can redefine it to get back access to applications... However, despite all of this, the SSH server also includes SFTP; if you removed their ability to write to the directory (i.e. only allow them read permissions) then their abilities with SFTP should be made useless.
Last edited by r3sistance; 04-13-2009 at 06:24 AM.
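
An added example, not part of any post in this thread: it goes beyond the PATH and chroot approach discussed above and audits `sshd_config` text for a forwarding-only account that gets no shell, no TTY and no SFTP, so there is no `$PATH` to redefine. The account name `proxyuser`, both sample configs and the policy values are assumptions constructed for illustration; the keywords are standard OpenSSH `sshd_config` directives.

```python
# Added example: audit sshd_config text for a tunnel-only account.
# "proxyuser" and both configs are constructed for illustration.
DEFAULTS = {"forcecommand": "none", "permittty": "yes", "x11forwarding": "no",
            "allowagentforwarding": "yes", "allowtcpforwarding": "yes"}

# Policy assumed here: no shell or SFTP, no TTY, only client-initiated forwards.
POLICY = {"forcecommand": {"/usr/sbin/nologin", "/bin/false"},
          "permittty": {"no"}, "x11forwarding": {"no"},
          "allowagentforwarding": {"no"}, "allowtcpforwarding": {"local"}}

WEAK = """\
Subsystem sftp internal-sftp
X11Forwarding yes
"""

HARDENED = WEAK + """\
Match User proxyuser
    ForceCommand /usr/sbin/nologin
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    AllowTcpForwarding local
"""

def effective_settings(config_text, user):
    """Resolve the audited keywords for `user`. Simplification: only
    'Match User a,b' blocks with literal names are understood."""
    global_opts, match_opts = {}, {}
    target = global_opts              # None while inside a non-matching block
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            crit = value.split()
            hit = len(crit) == 2 and crit[0].lower() == "user" and user in crit[1].split(",")
            target = match_opts if hit else None
        elif target is not None:
            target.setdefault(key, value)     # sshd keeps the first value it sees
    return {k: match_opts.get(k, global_opts.get(k, d)) for k, d in DEFAULTS.items()}

def audit(config_text, user):
    """Return {keyword: effective value} for every setting that violates POLICY."""
    eff = effective_settings(config_text, user)
    return {k: v for k, v in eff.items()
            if (v if k == "forcecommand" else v.lower()) not in POLICY[k]}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg, "proxyuser") or "OK")
```

On a live server, `sshd -T -C user=proxyuser` prints the settings sshd itself resolves for that user, which is the authoritative check after editing the config.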