LinuxQuestions.org
Old 05-06-2011, 03:21 AM   #1
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Rep: Reputation: 1
how to create nonadmin


Hi,
I have CentOS 5.3. I want to create a user with non-admin privileges.
He is unable to see the contents of the server; he will only be able to log in, nothing else.

AMar
 
Old 05-06-2011, 04:18 AM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
Hi,

Could you be more specific? A normal user does not have admin privileges.

When you create a user in CentOS, this user will have a group associated with it that is unique for that user (if you create user foo it will get group foo as well). This makes the privileges of that user more restrictive. Have a look here: Chapter 32. Users and Groups

You mention that this user should be able to log in and nothing else. So this user cannot execute any commands once logged in?
 
Old 05-06-2011, 04:30 AM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670
Quote:
He is unable to see the contents of the server; he will only be able to log in, nothing else.
Could you explain this part? Is this a user who can access the ftp or sftp service, and you don't want them to be able to cd above the public/ directory?

A normal user doesn't have admin rights, but being able to access libraries and some files in /etc/ or /usr/ is needed to run programs as a normal user.
 
Old 05-06-2011, 06:56 AM   #4
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
Thanks for the reply.

I want the user to be able to log in to the server through SSH from the internet, but I want this user not to be able to view directories, not to run any command, and not to delete anything; only a pure login through SSH from the internet.
 
Old 05-06-2011, 08:12 AM   #5
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
Hi,

Although I don't see the point in letting a user have access to a machine and then deny this user any actions, maybe this will do what you want:

In general a user has a shell he logs into (most commonly /bin/bash), the system knows which shell to use by looking at the appropriate line in /etc/passwd.

If you create the following file, called dead.stop.sh, in /bin:
Code:
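#!/bin/bash
# Login "shell" that only shows a notice and exits; it never starts a real shell.
clear

echo "
You are logged in, but cannot do anything.
"

echo -n "Press any key to log out again : "
# -n 1 returns after a single keypress (plain "read" would wait for Enter),
# -s hides the key, -r keeps backslashes literal.
read -r -n 1 -s KEY

exit 0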
and replace the /bin/bash part with /bin/dead.stop.sh in /etc/passwd, this user can log in, but cannot do anything but log out again.

Steps to take to accomplish this (as root):
1) create the above script and give it execute permissions (chmod 555 /bin/dead.stop.sh),
2) create a normal user with useradd/adduser or the GUI (user is called foobar in this example),
3) give this user a valid password (passwd foobar),
4) open /etc/passwd and look for the foobar entry (probably the last line) which looks something like this: foobar:x:1000:1000::/home/foobar:/bin/bash. Change the bold part to /bin/dead.stop.sh.

If all went as planned the following should happen when trying to log into that user (ssh or normal login):
Code:
$ ssh foobar@exile
Password: <xyz>
(screen is cleared)

You are logged in, but cannot do anything.

Press any key to log out again : 
(after pressing any key)
Connection to exile closed.
Although I might have overlooked something I do believe you cannot break out of this script and gain shell access (please correct me if I'm wrong).

Hope this is what you are looking for.
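
An added check for the setup in the post above (not druuna's code): it confirms that an account's shell field in a passwd-format file points at the notice script and that the script is owned by the expected uid with no write bits, as chmod 555 leaves it. The function names, verdict strings and temporary demo paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a notice-only login shell setup.
# Paths are arguments so the checks can run against copies of the real files.

# Print the login shell (7th passwd field) of user $1 in passwd-format file $2.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; f = 1 } END { exit !f }' "$2"
}

# Succeed only if file $1 is executable, owned by uid $2 (default 0 = root)
# and has no write bit set for anyone, as "chmod 555" leaves it.
shell_is_locked() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    sl_meta=$(ls -ldn "$1") || return 1
    [ "$(echo "$sl_meta" | awk '{ print $3 }')" = "${2:-0}" ] || return 1
    case "$(echo "$sl_meta" | cut -c2-10)" in *w*) return 1 ;; esac
}

# check_account USER PASSWD_FILE EXPECTED_SHELL [OWNER_UID]
# Prints a one-word verdict; returns 0 only when the account is confined.
check_account() {
    ca_shell=$(login_shell "$1" "$2") || { echo "unknown-user"; return 2; }
    [ "$ca_shell" = "$3" ] || { echo "wrong-shell"; return 1; }
    shell_is_locked "$3" "$4" || { echo "shell-not-locked"; return 1; }
    echo "confined"
}

# Constructed demo: a temporary passwd copy and a stand-in for /bin/dead.stop.sh.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$d/dead.stop.sh"
    chmod 555 "$d/dead.stop.sh"
    printf '%s\n' "foobar:x:1000:1000::/home/foobar:$d/dead.stop.sh" \
                  "other:x:1001:1001::/home/other:/bin/bash" > "$d/passwd"
    check_account foobar "$d/passwd" "$d/dead.stop.sh" "$(id -u)"
    check_account other  "$d/passwd" "$d/dead.stop.sh" "$(id -u)" || true
    rm -rf "$d"
}
demo
```

On a real host the call would be `check_account foobar /etc/passwd /bin/dead.stop.sh`, with the owner uid left at its default of 0.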
 
Old 05-06-2011, 10:35 PM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670
Could you explain what the users will be doing after they log in?

For services where you want user names and permissions, but not shell access, you can use a restricted shell or nologin shell in the shell entry of /etc/passwd for that account.

Also look at chroot'ing. That is to copy only essential files & libraries needed by the user to a subdirectory, and running that service in a chroot'ed jail. This is often done for services such as apache and mail servers.

Last edited by jschiwal; 05-06-2011 at 10:50 PM.
 
Old 05-07-2011, 07:29 PM   #7
RockDoctor
Senior Member
 
Registered: Nov 2003
Location: Minnesota, US
Distribution: Fedora, Linux Mint, Ubuntu
Posts: 1,504

Rep: Reputation: 325
Quote:
Originally Posted by druuna
Code:
#!/bin/bash
clear

echo "
You are logged in, but cannot do anything.
"

echo -n "Press any key to log out again : "
read KEY

exit 0
.
 
Old 05-07-2011, 07:54 PM   #8
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 16,818

Rep: Reputation: 2408
amartlk
Can you please explain what it is you want and what you want the user to do?
From the sound of it, what the user can do is nothing, nothing at all.
 
Old 05-08-2011, 02:36 AM   #9
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,275

Rep: Reputation: 370
I suppose it's possible that the OP wants the remote user to be able to log in to his machine to set up an SSH proxy to another host, but not to run any commands on the box. Using a restricted shell or chroot jail as suggested above seems like the best method for accomplishing this, but maybe SSH has another way.
 
Old 05-08-2011, 02:45 AM   #10
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 5.4, Mac OS 10.4 (tiger)
Posts: 1,005

Rep: Reputation: 79
I am gunna also suggest this user is probably after proxy or tunneling. I suppose if you wanted to allow somebody to SSH tunnel to the server for another service, say for an application or service, then this might be a more secure route... otherwise I don't see the point in this either.
 
Old 05-09-2011, 01:17 AM   #11
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
Thanks for the reply.

I want the remote user to be able to log in through the internet to the local server through SSH, but not to run any commands on that server.


AMAR
 
Old 05-10-2011, 02:03 AM   #12
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
Thanks, it works for me.
 
Old 05-10-2011, 03:18 AM   #13
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
Hi,

Glad to see this is solved.

And: You're welcome
 
  


All times are GMT -5. The time now is 05:59 AM.
