Old 12-11-2009, 03:59 AM   #1
mitchell7man
Member
 
Registered: Jan 2007
Location: Provo, UT
Distribution: OSX - Fedora
Posts: 458

Rep: Reputation: 31
How to restrict users ssh permissions?


Hi, I'm new to server, I have successfully set up a file server sharing different partitions to different users. I have noticed that I have a vulnerability on the SSH end though. I find that all of my users can ssh and cd to partitions that I would like restricted. These partitions are mounted as /media/dirname. How can I restrict guests' ssh access so that in terms of ssh they are not allowed to leave their home directory? I'd like it so that I can be the only one to have permissions to everything. I believe that my users do have their own groups but I'm not sure; seeing as I'm asking this question, I think I'll need some help from where to start to where to end.

Much thanks.
MJ

*server is ubuntu 9.10 with samba
 
Old 12-11-2009, 04:33 AM   #2
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
You can chroot them to their home directories http://www.debian-administration.org/articles/590
 
Old 12-11-2009, 04:37 AM   #3
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116Reputation: 116
Quote:
Originally Posted by mitchell7man
Hi, I'm new to server, I have successfully set up a file server sharing different partitions to different users. I have noticed that I have a vulnerability on the SSH end though. I find that all of my users can ssh and cd to partitions that I would like restricted. These partitions are mounted as /media/dirname. How can I restrict guests' ssh access so that in terms of ssh they are not allowed to leave their home directory? I'd like it so that I can be the only one to have permissions to everything. I believe that my users do have their own groups but I'm not sure; seeing as I'm asking this question, I think I'll need some help from where to start to where to end.

Much thanks.
MJ

*server is ubuntu 9.10 with samba
If a user is restricted to their home directory, they cannot run any commands.
What you should look at is setting a user up with ssh keys, and specifying in the ssh keys which commands they can run.

Another option would be to set up some rules in /etc/sudoers.
Some examples are here:
http://debaan.blogspot.com/2007/02/s...-examples.html
 
Old 12-11-2009, 12:03 PM   #4
mitchell7man
Member
 
Registered: Jan 2007
Location: Provo, UT
Distribution: OSX - Fedora
Posts: 458

Original Poster
Rep: Reputation: 31
Those are interesting, but I actually don't mind (and actually would like) if these users were not allowed to execute any commands at all. How do I go about restricting them completely? I didn't quite get that first tutorial as it seemed to be for FTP. I already have my users made and set up to be able to access certain SAMBA shares. I just need to lock them out of SSH.

Thanks again.
 
Old 12-11-2009, 12:40 PM   #5
mitchell7man
Member
 
Registered: Jan 2007
Location: Provo, UT
Distribution: OSX - Fedora
Posts: 458

Original Poster
Rep: Reputation: 31
Okay, so now I got a bigger problem: I changed the
Quote:
root ALL=(ALL) ALL
value to
Quote:
root ALL=(myusername) ALL
and now I cannot sudo... Is there any way to fix my sudo permissions? - I intended to lock everyone out except for myself. Now I just made my account the same as the rest, I can look at stuff but not edit it. (And I want my account to be able to do anything and the users to not even look at stuff)

Thanks.
MJ

UPDATE - I guess I did have root account active and was able to change the value back to (ALL). I still need help restricting other accounts. I guess you can see what kind of novice you're working with...

Last edited by mitchell7man; 12-11-2009 at 12:48 PM.
 
Old 12-11-2009, 10:14 PM   #6
mitchell7man
Member
 
Registered: Jan 2007
Location: Provo, UT
Distribution: OSX - Fedora
Posts: 458

Original Poster
Rep: Reputation: 31
Quote:
usermod -s /sbin/nologin username
seemed to do the trick. Thanks all!
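
Added example, not part of the original thread: a check that the nologin change from the last post has reached every guest, run here over a constructed passwd file. The function names, the admin account name `mj` and the UID floor of 1000 for human accounts are assumptions; both `/sbin/nologin` and `/usr/sbin/nologin` are accepted because the path differs between distributions.

```shell
#!/bin/sh
# Report non-system accounts that can still start a login shell.

# Shells that refuse interactive login (extend for your distribution).
NOLOGIN_SHELLS="/sbin/nologin /usr/sbin/nologin /bin/false /usr/bin/false"

# audit_shells PASSWD_FILE ADMIN_USER [MIN_UID]
# Prints "user shell" for each account at or above MIN_UID, other than
# ADMIN_USER, whose shell is not in NOLOGIN_SHELLS.
audit_shells() {
    passwd_file=$1
    admin=$2
    min_uid=${3:-1000}
    awk -F: -v admin="$admin" -v min="$min_uid" -v deny="$NOLOGIN_SHELLS" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) blocked[d[i]] = 1 }
        /^#/ || NF < 7 { next }      # comments and malformed lines
        $3 + 0 < min   { next }      # system and service accounts
        $1 == admin    { next }      # the administrator keeps a shell
        # An empty shell field means the system default, /bin/sh.
        !($7 in blocked) { print $1, ($7 == "" ? "(empty)" : $7) }
    ' "$passwd_file"
}

# Constructed sample data in passwd(5) format, not taken from a real host.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/sh
mj:x:1000:1000:MJ,,,:/home/mj:/bin/bash
guest1:x:1001:1001:,,,:/home/guest1:/bin/bash
guest2:x:1002:1002:,,,:/home/guest2:/sbin/nologin
guest3:x:1003:1003:,,,:/home/guest3:
EOF
}

sample=$(mktemp)
write_sample_passwd "$sample"
audit_shells "$sample" mj    # on a live system: audit_shells /etc/passwd mj
rm -f "$sample"
```

A nologin shell only stops shell sessions for the account; whether the account may authenticate over SSH at all is decided by sshd, where the `AllowUsers` directive in `sshd_config` limits logins to the listed accounts.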
 