Linux user for running application.
 

Hello,

I might have to create a few users (probably 2) so they can SSH into the server and do statistics calculations (math application). Right now I don't have the actual install package or details.

In general, what kind of permission do I need to give these users? The OS will be Centos.


Thanks advance,

It depends on what they need to do. Ordinary users can't do a whole lot so that's good. Do they need to do anything with elevated privileges? If not, make sure they're not in /etc/suauth, /etc/sudoers, or /etc/sudoers.d/*

Have a look at the environment settings and clean out what isn't needed. Beyond that, you can look at restricted shells, etc. but it would be best to know what they're doing and whether they're doing it from a secure or insecure location

If it's custom app or shell script. you could lock it down, e.g. login with SSH.

Create a group home directory:

Create a Group:

Modify the permissons of /home/maths

Add the User mathguy1 to the group.

Load the application from login (if they are using the bash shell) modify the .bash_profile file in:

This way as soon as they login with there user account via SSH, the application is loaded. If they exit out of the application they should only have basic user permissons, e.g. to there group home folder and /tmp, etc.

Again it's hard to know what you want without the full details.

Thanks guys. When I get the full details, I will report back.

You could also use the sshd ForceCommand option http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5.
The part that's not clear is whether this is a general qn on user setup, or whether you really don't trust the users.
Different considerations apply.

They are faculty. We trust them but just want the least headache in the future. So its a general user setup.

In that case gdizzle's soln is good enough, although you could skip the last bit if they need to do other stuff.
Just putting them in the right group and telling them what to type should do it.
ForceCommand is also overkill for this situation.

I found out the name of the software package (Called MatLab)-->http://www.mathworks.com/support/

If this software resembles our other software that runs on Windows, the users log into windows via RDP. Then run the shortcut (exe). The calculation begins for a duration. Once it is completed, he/she saves the output into their own home directory.


I will get the software very soon and will post back.

You certainly want to give them "ordinary user" accounts. If they are faculty members, then I suggest giving them individual accounts, because they probably prefer to have their own private workspaces.

I also suggest that you create a faculty group, and that you add all faculty-members to this group.

By all means, ask them what they prefer, then (with approval from whoever) facilitate their wishes. You can associate a user-id with many groups. (To see what I mean, execute the groups command on your own account.) You might wish to create groups for different departments. The key objective is simply to give the esteemed faculty members the access that they prefer, and the privacy they request.

("Long, long ago, in a galaxy far, far away," I faced similar objectives and challenges. And the flexibility of the multiple-groups facility was a distant, hopeless wish in that godforsaken environment.)