Need to create a new user

wh33t · 09-19-2014, 05:35 PM

Hey LQ,

I need to permit a graphic designer to access a specific directory with read and write privileges to /var/www/html/subdomains/design.

Is there a simple command that will do exactly this?

suicidaleggroll · 09-19-2014, 05:50 PM

Do you want this user to be able to see the rest of the filesystem? Read and write to it? Is there anything you want to keep private?

If you don't mind that they see and interact with your entire system, then just set up a regular user account and make sure it has read/write access to the necessary directory.

If you don't want them to be able to see/access anything on the system except that one directory, then set up a chroot jail for the user and "mount --bind" the necessary directory into the jail.

wh33t · 09-19-2014, 05:55 PM

Quote:

Originally Posted by suicidaleggroll

Do you want this user to be able to see the rest of the filesystem? Read and write to it? Is there anything you want to keep private?

If you don't mind that they see and interact with your entire system, then just set up a regular user account and make sure it has read/write access to the necessary directory.

If you don't want them to be able to see/access anything on the system except that one directory, then set up a chroot jail for the user and "mount --bind" the necessary directory into the jail.

I only want them to read and write into the design directory. Being able to see the rest of the filesystem will probably just confuse him. I'm not familiar with chroot jailing at all. Got any links to good tutorials? I'll be googling in the meantime.

suicidaleggroll · 09-19-2014, 06:05 PM

Look into jailkit. The basic steps are (taken from my notes the last time I set one up):

Code:

tar xaf jailkit-2.17.tar.gz
cd jailkit-2.17
./configure
make
su
make install
cp extra/jailkit /etc/init.d/jailkit
chmod a+x /etc/init.d/jailkit
chkconfig jailkit on
mkdir /home/jail
jk_init -j /home/jail jk_lsh
jk_init -j /home/jail ssh
jk_init -j /home/jail basicshell
groupadd -g 1002 jailed_user
useradd -m -g 1002 -u 1002 jailed_user
passwd jailed_user
jk_jailuser -j /home/jail/ jailed_user
/etc/init.d/jailkit restart

Where "/home/jail" is the location of the jail on my system, and "jailed_user" is the new user that's going to be in the jail. I used UID/GID of 1002 here, but you could use whatever you like.

This will give them access to a basic shell, and if you "mount --bind" the design directory into their home directory in the jail they should have access to those files as well. You may need to "jk_init -j" some more utilities if they need them, such as text editors, etc.

Most of these steps are taken verbatim from their documentation.