LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-26-2011, 10:59 AM   #1
Howey
LQ Newbie
 
Registered: Aug 2011
Posts: 8

Rep: Reputation: Disabled
Question sudo adduser [username]


I have a Debian 5 32-bit VPS. I want to be able to add users with their own login details, I can do this, however...

I want them to not have root access, I only want them to be able to see the files in the directory it creates them.

For example:

In the /home/ there is a new user (akito), and a directory called akito. Now when "akito" logs in he will be taken to his directory. I want it so he cannot go back, he is only allowed to access his directory.

How would I do this (If this makes sense).
 
Old 08-26-2011, 11:20 AM   #2
wpeckham
Senior Member
 
Registered: Apr 2010
Location: USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 1,650

Rep: Reputation: 568Reputation: 568Reputation: 568Reputation: 568Reputation: 568Reputation: 568
Access

How are they going to be allowed to log in?
What kinds of access do they need?
I need a lot more information to answer this.

If all of their access will be using OpenSSH (ssh, sftp, scp, rsync) you can use some special features of OpenSSH to restrict them to their own home folder. Other services (ftp for example) and console logins are not restricted by these settings.

To restrict EVERYTHING they do, you may want to look into CHROOT. There are scripts and tools to make setting it up easy, and it should contain EVERYTHING they do.

If they ONLY have ftp access, vsftp has some nice features to restrict a users activity to their home tree.

I look forward to finding out more about your requirement.
 
Old 08-26-2011, 11:27 AM   #3
Howey
LQ Newbie
 
Registered: Aug 2011
Posts: 8

Original Poster
Rep: Reputation: Disabled
They can use PuTTy to get SSH access and Something like WinSCP for the FTP client..

The users will only be allowed to add their own files in their directory, and not allowed to view anything else when in the FTP client.

PuTTy to host their games, as I plan on letting people have access so they can host their game (Games on a site I go on (BYOND)).

I basically want them to be able to login, add their files, and not be able to view anyone elses. Then they can open PuTTy to host their game with the commands I show them.
 
Old 08-26-2011, 02:01 PM   #4
MTK358
LQ 5k Club
 
Registered: Sep 2009
Posts: 6,443
Blog Entries: 3

Rep: Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720
So you don't want them to be able to see other users' files?

What about system files (i.e. /usr, /etc, /bin, /var, etc.)?
 
Old 08-26-2011, 02:30 PM   #5
Howey
LQ Newbie
 
Registered: Aug 2011
Posts: 8

Original Poster
Rep: Reputation: Disabled
That's right, and no I don't want them to be able to see system files.
 
Old 08-26-2011, 04:35 PM   #6
Howey
LQ Newbie
 
Registered: Aug 2011
Posts: 8

Original Poster
Rep: Reputation: Disabled
Bump (Not sure if allowed to do bumps (yn) )
 
Old 08-26-2011, 04:48 PM   #7
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,200

Rep: Reputation: 397Reputation: 397Reputation: 397Reputation: 397
sounds like a job for chroot, though some system files such as /tmp, /dev, /proc, /bin , /usr/bin and /usr/local/bin as well as /lib, /usr/local/lib and /usr/lib are necessary to run any software.
 
Old 08-27-2011, 09:29 AM   #8
wpeckham
Senior Member
 
Registered: Apr 2010
Location: USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 1,650

Rep: Reputation: 568Reputation: 568Reputation: 568Reputation: 568Reputation: 568Reputation: 568
Check your version of OpenSSH. The configuration parameter "ChrootDirectory" should be of special interest to you.
It makes the complexity and waste of traditional chroot containers obsolete AS LONG AS THE USERS ONLY ACCESS IS THROUGH SSH, which perfectly describes your situation.

Also check the 'match' parameter, it will allow your jail to only apply to members of a certain group.
There are examples and how-to documents on the OpenSSH sites.

Take care: Google may show you many obsolete means of accomplishing this! They can work, but with the latest versions it is very easy and does not involve recompiling packages or patching.

If your OpenSSH is not recent enough to support the easy way, check this HOW-TO (Or some of the others you can get using google): http://www.linuxquestions.org/linux/...n_Etch_Mepis_7

Last edited by wpeckham; 08-27-2011 at 09:37 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 02:36 AM
command used: sudo su - username sandeep002gupta General 2 07-05-2011 12:08 PM
sudo :adduser: unable to lock password file khamdy Linux - General 9 10-13-2010 06:26 AM
sudo -i -u username Xephyr, fails multi Linux - Desktop 1 02-05-2010 05:43 PM
Postfix->filter Script->sudo adduser lawtoncooper Linux - General 0 07-23-2004 02:12 AM


All times are GMT -5. The time now is 10:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration