LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-22-2013, 05:10 PM   #1
trackstar2000
Member
 
Registered: Apr 2013
Posts: 42

Rep: Reputation: Disabled
Linux user for running application.


Hello,

I might have to create a few users (probably 2) so they can SSH into the server and do statistics calculations (math application). Right now I don't have the actual install package or details.

In general, what kind of permission do I need to give these users? The OS will be Centos.


Thanks advance,
 
Old 04-22-2013, 05:22 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,125

Rep: Reputation: 164Reputation: 164
It depends on what they need to do. Ordinary users can't do a whole lot so that's good. Do they need to do anything with elevated privileges? If not, make sure they're not in /etc/suauth, /etc/sudoers, or /etc/sudoers.d/*

Have a look at the environment settings and clean out what isn't needed. Beyond that, you can look at restricted shells, etc. but it would be best to know what they're doing and whether they're doing it from a secure or insecure location
 
Old 04-22-2013, 06:42 PM   #3
gdizzle
Member
 
Registered: Jul 2012
Posts: 234

Rep: Reputation: Disabled
If it's custom app or shell script. you could lock it down, e.g. login with SSH.

Create a group home directory:

Code:
/home/maths
Create a Group:

Code:
groupadd  mathsteam
Modify the permissons of /home/maths

Code:
chgrp mathsteam /home/maths
Add the User mathguy1 to the group.

Code:
useradd -g mathsteam -d /home/maths  mathguy1
Load the application from login (if they are using the bash shell) modify the .bash_profile file in:

Code:
vim /home/maths/.bash_profile

INSERT CODE HERE
This way as soon as they login with there user account via SSH, the application is loaded. If they exit out of the application they should only have basic user permissons, e.g. to there group home folder and /tmp, etc.

Again it's hard to know what you want without the full details.
 
Old 04-22-2013, 06:48 PM   #4
trackstar2000
Member
 
Registered: Apr 2013
Posts: 42

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by gdizzle View Post
If it's custom app or shell script. you could lock it down, e.g. login with SSH.

Create a group home directory:

Code:
/home/maths
Create a Group:

Code:
groupadd  mathsteam
Modify the permissons of /home/maths

Code:
chgrp mathsteam /home/maths
Add the User mathguy1 to the group.

Code:
useradd -g mathsteam -d /home/maths  mathguy1
Load the application from login (if they are using the bash shell) modify the .bash_profile file in:

Code:
vim /home/maths/.bash_profile

INSERT CODE HERE
This way as soon as they login with there user account via SSH, the application is loaded. If they exit out of the application they should only have basic user permissons, e.g. to there group home folder and /tmp, etc.

Again it's hard to know what you want without the full details.

Thanks guys. When I get the full details, I will report back.
 
Old 04-22-2013, 07:16 PM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
You could also use the sshd ForceCommand option http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5.
The part that's not clear is whether this is a general qn on user setup, or whether you really don't trust the users.
Different considerations apply.
 
Old 04-22-2013, 07:42 PM   #6
trackstar2000
Member
 
Registered: Apr 2013
Posts: 42

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by chrism01 View Post
You could also use the sshd ForceCommand option http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5.
The part that's not clear is whether this is a general qn on user setup, or whether you really don't trust the users.
Different considerations apply.
They are faculty. We trust them but just want the least headache in the future. So its a general user setup.
 
Old 04-22-2013, 08:36 PM   #7
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
In that case gdizzle's soln is good enough, although you could skip the last bit if they need to do other stuff.
Just putting them in the right group and telling them what to type should do it.
ForceCommand is also overkill for this situation.
 
Old 04-22-2013, 08:45 PM   #8
trackstar2000
Member
 
Registered: Apr 2013
Posts: 42

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by chrism01 View Post
In that case gdizzle's soln is good enough, although you could skip the last bit if they need to do other stuff.
Just putting them in the right group and telling them what to type should do it.
ForceCommand is also overkill for this situation.

I found out the name of the software package (Called MatLab)-->http://www.mathworks.com/support/

If this software resembles our other software that runs on Windows, the users log into windows via RDP. Then run the shortcut (exe). The calculation begins for a duration. Once it is completed, he/she saves the output into their own home directory.


I will get the software very soon and will post back.

Last edited by trackstar2000; 04-22-2013 at 09:24 PM.
 
Old 04-22-2013, 09:27 PM   #9
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 7,151

Rep: Reputation: 2203Reputation: 2203Reputation: 2203Reputation: 2203Reputation: 2203Reputation: 2203Reputation: 2203Reputation: 2203Reputation: 2203Reputation: 2203Reputation: 2203
You certainly want to give them "ordinary user" accounts. If they are faculty members, then I suggest giving them individual accounts, because they probably prefer to have their own private workspaces.

I also suggest that you create a faculty group, and that you add all faculty-members to this group.

By all means, ask them what they prefer, then (with approval from whoever) facilitate their wishes. You can associate a user-id with many groups. (To see what I mean, execute the groups command on your own account.) You might wish to create groups for different departments. The key objective is simply to give the esteemed faculty members the access that they prefer, and the privacy they request.

("Long, long ago, in a galaxy far, far away," I faced similar objectives and challenges. And the flexibility of the multiple-groups facility was a distant, hopeless wish in that godforsaken environment.)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Running Linux inside Windows as application zilog6502 Linux - Software 3 07-10-2012 12:16 PM
running on windows application developped on linux abd_bela Programming 0 05-29-2012 12:22 PM
Running an application using an ordinary user navidpaya Linux - General 3 08-03-2009 03:39 AM
Running an application at startup for a specific user wittyguysuku Linux - General 4 09-21-2006 04:44 AM
Running application after installing(New to linux) farrukh Linux - General 2 05-07-2004 04:42 AM


All times are GMT -5. The time now is 11:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration