Creating user with permission to existing directory?

postcd · 03-24-2015, 03:05 PM

Hello,

there is command:
useradd -m -d /home/didi (from this article)

but what if that folder /home/didi already exist and contains very important files? I want to give permission to that folder, but im afraid if it wont get deleted or somehow changed so it can hurt anything by executing above command?

Can i just modiffy /etc/passwd file, it wont add user? editting that file feels more safe. thx

Pearlseattle · 03-24-2015, 05:41 PM

Hi
Just to understand: isn't this a question which you could answer just by experimenting on your own with a fake user?

postcd · 03-25-2015, 04:43 AM

Hi, yes, maybe, but im noob so i wanted to listen oppinion of experienced Linux users, i always like to learn.

veerain · 03-25-2015, 08:14 AM

What Pearlseattle said is right, simple, easy and correct way.

Others won't have the exact same software environment as you do. So it's best to test it on your own system.

postcd · 03-26-2015, 10:42 AM

i did that useradd command mentioning existing directory with files and it said:

Quote:

useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.

but when i tail /etc/passwd i see:

Quote:

didi:x:32012:32012::/test:/usr/bin/rssh

i tried to chown didi:didi directory /test
i can connect SCP, password works, no error message, but session disappear, no browsing window appear.

from /var/log/secure

Quote:

sshd[4768]: pam_unix(sshd:session): session opened for user didi by (uid=0)
sshd[4768]: pam_unix(sshd:session): session closed for user didi

WinSCP error log says:
Connection has been unexpectedly closed. Server sent command exit status 1 (or 255 or 0)

#stat /test

Quote:

File: `/test'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 2eh/46d Inode: 40476810 Links: 2
Access: (0755/drwxr-xr-x) Uid: (32012/ didi) Gid: (32012/ didi)

When i add different user while his directory do not exist, login still failing:

Quote:

. 2015-03-26 16:29:09.140 Using stored password.
. 2015-03-26 16:29:09.343 Prompt (6, SSH server authentication, , <no prompt>)
. 2015-03-26 16:29:09.343 Ignoring empty SSH server authentication request
. 2015-03-26 16:29:09.484 Access granted
. 2015-03-26 16:29:09.484 Opening session as main channel
. 2015-03-26 16:29:09.625 Opened main channel
. 2015-03-26 16:29:09.953 Started a shell/command
! 2015-03-26 16:29:09.953 /usr/bin/rssh: Permission denied

pan64 · 03-26-2015, 11:10 AM

Yes, that was mentioned: useradd: warning: the home directory already exists. Not copying any file from skel directory into it.
So that was an existing directory, the usual preparation of home dir was therefore skipped. ssh refused to work with it.

zafar_dandoti · 03-29-2015, 06:48 AM

The shell u specified for user didi must be listed under /etc/shells

postcd · 03-29-2015, 07:24 AM

Quote:

Originally Posted by zafar_dandoti

The shell u specified for user didi must be listed under /etc/shells

I just added it: tail /etc/shells

Quote:

/bin/sh
/bin/bash
/sbin/nologin
/bin/tcsh
/bin/csh
/usr/local/cpanel/bin/jailshell
/bin/ftpsh
/usr/local/cpanel/bin/noshell
/bin/zsh
/usr/bin/rssh

the user directory is in /home/didi and i chown it didi:didi and also chmod 755

stat /usr/bin/rssh

Quote:

File: `/usr/bin/rssh'
Size: 25816 Blocks: 56 IO Block: 4096 regular file
Device: 2eh/46d Inode: 40386551 Links: 1
Access: (0750/-rwxr-x---) Uid: ( 0/ root) Gid: ( 494/rsshusers)
Access: 2015-03-29 12:11:03.215019780 +0000
Modify: 2014-09-30 18:10:27.000000000 +0000
Change: 2015-03-24 19:23:19.335627025 +0000

but still no luck logging in.. WinSCP error looks to be:
! 2015-03-29 14:23:29.406 /usr/bin/rssh: Permission denied

zafar_dandoti · 03-29-2015, 09:33 AM

BTW what is ur distro?
Are u running selinux/apparmour?

postcd · 03-29-2015, 09:48 AM

Quote:

Originally Posted by zafar_dandoti

BTW what is ur distro?
Are u running selinux/apparmour?

It is Linux OpenVZ VPS with CentOS release 6.6 (Final)
kernel: 2.6.32-042stab093.5
# sestatus
SELinux status: disabled

zafar_dandoti · 03-29-2015, 10:12 AM

Did u restart the ssh service

Code:

service sshd restart

postcd · 03-30-2015, 02:40 PM

Quote:

Originally Posted by zafar_dandoti

Did u restart the ssh service

Code:

service sshd restart

yes, i just did that restart and tried again, but failed with the same error in winscp log (rssh denied one), i seen also my firewall log:

Quote:

*SSH login* from *.*.*.* into the didi account using keyboard-interactive/pam authentication - ignored

ignored means its not blocked

zafar_dandoti · 03-30-2015, 11:26 PM

Did u follow all the steps carefully configuring rssh.conf?
Did u add user didi to rsshusers group?

postcd · 03-31-2015, 03:38 PM

Quote:

Originally Posted by zafar_dandoti

Did u follow all the steps carefully configuring rssh.conf?

im not sure, i thought i just need to uncomment #allowscp line which i did..
i also tried to add this line to rss.conf:
user=didi:022:00001:
and or
user=didi:32012:00001:

but still not worked :-S (sshd restarted)

Quote:

Originally Posted by zafar_dandoti

Did u add user didi to rsshusers group?

# useradd -G rsshusers didi
useradd: user 'didi' already exists
# cat /etc/group | grep rss
rsshusers:x:494:
# cat /etc/group | grep didi
didi:x:32012:
# groups didi
didi : didi