Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I might have to create a few users (probably 2) so they can SSH into the server and do statistics calculations (math application). Right now I don't have the actual install package or details.
In general, what kind of permission do I need to give these users? The OS will be Centos.
It depends on what they need to do. Ordinary users can't do a whole lot so that's good. Do they need to do anything with elevated privileges? If not, make sure they're not in /etc/suauth, /etc/sudoers, or /etc/sudoers.d/*
Have a look at the environment settings and clean out what isn't needed. Beyond that, you can look at restricted shells, etc. but it would be best to know what they're doing and whether they're doing it from a secure or insecure location
If it's custom app or shell script. you could lock it down, e.g. login with SSH.
Create a group home directory:
Code:
/home/maths
Create a Group:
Code:
groupadd mathsteam
Modify the permissons of /home/maths
Code:
chgrp mathsteam /home/maths
Add the User mathguy1 to the group.
Code:
useradd -g mathsteam -d /home/maths mathguy1
Load the application from login (if they are using the bash shell) modify the .bash_profile file in:
Code:
vim /home/maths/.bash_profile
INSERT CODE HERE
This way as soon as they login with there user account via SSH, the application is loaded. If they exit out of the application they should only have basic user permissons, e.g. to there group home folder and /tmp, etc.
Again it's hard to know what you want without the full details.
If it's custom app or shell script. you could lock it down, e.g. login with SSH.
Create a group home directory:
Code:
/home/maths
Create a Group:
Code:
groupadd mathsteam
Modify the permissons of /home/maths
Code:
chgrp mathsteam /home/maths
Add the User mathguy1 to the group.
Code:
useradd -g mathsteam -d /home/maths mathguy1
Load the application from login (if they are using the bash shell) modify the .bash_profile file in:
Code:
vim /home/maths/.bash_profile
INSERT CODE HERE
This way as soon as they login with there user account via SSH, the application is loaded. If they exit out of the application they should only have basic user permissons, e.g. to there group home folder and /tmp, etc.
Again it's hard to know what you want without the full details.
Thanks guys. When I get the full details, I will report back.
You could also use the sshd ForceCommand option http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5.
The part that's not clear is whether this is a general qn on user setup, or whether you really don't trust the users.
Different considerations apply.
You could also use the sshd ForceCommand option http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5.
The part that's not clear is whether this is a general qn on user setup, or whether you really don't trust the users.
Different considerations apply.
They are faculty. We trust them but just want the least headache in the future. So its a general user setup.
In that case gdizzle's soln is good enough, although you could skip the last bit if they need to do other stuff.
Just putting them in the right group and telling them what to type should do it.
ForceCommand is also overkill for this situation.
In that case gdizzle's soln is good enough, although you could skip the last bit if they need to do other stuff.
Just putting them in the right group and telling them what to type should do it.
ForceCommand is also overkill for this situation.
If this software resembles our other software that runs on Windows, the users log into windows via RDP. Then run the shortcut (exe). The calculation begins for a duration. Once it is completed, he/she saves the output into their own home directory.
I will get the software very soon and will post back.
Last edited by trackstar2000; 04-22-2013 at 08:24 PM.
You certainly want to give them "ordinary user" accounts. If they are faculty members, then I suggest giving them individual accounts, because they probably prefer to have their own private workspaces.
I also suggest that you create a faculty group, and that you add all faculty-members to this group.
By all means, ask them what they prefer, then (with approval from whoever) facilitate their wishes. You can associate a user-id with many groups. (To see what I mean, execute the groups command on your own account.) You might wish to create groups for different departments. The key objective is simply to give the esteemed faculty members the access that they prefer, and the privacy they request.
("Long, long ago, in a galaxy far, far away," I faced similar objectives and challenges. And the flexibility of the multiple-groups facility was a distant, hopeless wish in that godforsaken environment.)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.