LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-07-2008, 06:52 AM   #1
helptonewbie
Member
 
Registered: Aug 2006
Location: England Somewhere
Distribution: Mandriva, PCLinuxOS, Karoshi, Suse, Redhat, Ubuntu
Posts: 518

Rep: Reputation: 39
Question Whats the best way to set-up a user to run programs as?


Hi all,
I'm looking into and just wondering about just what it means when adding a user for use to run daemons/scripts or whatever. Basically whats the most secure way to create a user and allow this to happen. The way i do it is basically:-
groupadd testone
useradd -G testone testone


And then i'm thinking can you make that user more secure with making the shell default /bin/false and by adding the user in this way without use of a password is it possible to login as this user or does something else have to take place first maybe a `passwd`. In the state above of just adding the user and doing nothing else to it, how secure is that, could someone be able to login as that user even though there is no password for it....etc etc


is just something i'm suddenly interested in.

Regards
 
Old 04-07-2008, 07:42 AM   #2
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 572

Rep: Reputation: 56
Consider installing Webmin. You can control all of these options when creating new users.
 
Old 04-07-2008, 08:15 AM   #3
helptonewbie
Member
 
Registered: Aug 2006
Location: England Somewhere
Distribution: Mandriva, PCLinuxOS, Karoshi, Suse, Redhat, Ubuntu
Posts: 518

Original Poster
Rep: Reputation: 39
Thanks...i know all about webmin...i'm know how to set the various parameters... the thing i'm looking for is would it make a user thats been created just for the use of running up a daemon to run in the users name or for running a script in that users name more secure if someone managed to compromise the daemon or script that was running the with that users privilege by changing things like the users shell to /bin/false etc etc and feel free to continue the list of how best to set-up a user for this purpose alone.


cheers
 
Old 04-07-2008, 08:20 AM   #4
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 572

Rep: Reputation: 56
/sbin/nologin is common - e.g. apache user is set to this.

My best suggestion though, if you're concerned about the possibility of a compromised system, is to implement SELinux. It has had bad press - a lot of HowTo guides will tell you to disable it - but it is worth persisting with and is getting better with later releases, such as RHEL 5.1
 
Old 04-07-2008, 09:05 AM   #5
helptonewbie
Member
 
Registered: Aug 2006
Location: England Somewhere
Distribution: Mandriva, PCLinuxOS, Karoshi, Suse, Redhat, Ubuntu
Posts: 518

Original Poster
Rep: Reputation: 39
Yeah i've heard alot i must say about SELinux, pretty much most of the times i've posted questions regarding a security type of question. I've just not had the time to look at it in good detail but i must get round to doing that. Thanks

Still any more ideas on my above questions to everyone??? Just what sort of state is a user in thats been created but not had a passwd assigned to it. I know through testing i don't seem to be able to login to a user of that sort but i'm able to run scripts etc as that user.

Cheers
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't run gui (X) programs as root user nazdrowie Linux - General 25 12-02-2008 02:24 AM
set/unset programs to run at startup bubazoo Debian 2 04-16-2007 05:50 PM
Whats the command that allow you to run a script as another user? ziggie216 Linux - Software 3 11-10-2005 04:05 AM
user cannot run installed programs-mozilla,etc tksmitty Slackware - Installation 7 01-25-2004 12:30 AM
programs won't run on user (non-root) accounts....? once here Slackware 16 12-02-2003 09:44 AM


All times are GMT -5. The time now is 05:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration