LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   sudo adduser [username] (https://www.linuxquestions.org/questions/linux-newbie-8/sudo-adduser-%5Busername%5D-899621/)

Howey 08-26-2011 09:59 AM
sudo adduser [username]
 
I have a Debian 5 32-bit VPS. I want to be able to add users with their own login details, I can do this, however...

I want them to not have root access, I only want them to be able to see the files in the directory it creates them.

For example:

In the /home/ there is a new user (akito), and a directory called akito. Now when "akito" logs in he will be taken to his directory. I want it so he cannot go back, he is only allowed to access his directory.

How would I do this (If this makes sense).

wpeckham 08-26-2011 10:20 AM
Access
 
How are they going to be allowed to log in?
What kinds of access do they need?
I need a lot more information to answer this.

If all of their access will be using OpenSSH (ssh, sftp, scp, rsync) you can use some special features of OpenSSH to restrict them to their own home folder. Other services (ftp for example) and console logins are not restricted by these settings.

To restrict EVERYTHING they do, you may want to look into CHROOT. There are scripts and tools to make setting it up easy, and it should contain EVERYTHING they do.

If they ONLY have ftp access, vsftp has some nice features to restrict a users activity to their home tree.

I look forward to finding out more about your requirement.

Howey 08-26-2011 10:27 AM
They can use PuTTy to get SSH access and Something like WinSCP for the FTP client..

The users will only be allowed to add their own files in their directory, and not allowed to view anything else when in the FTP client.

PuTTy to host their games, as I plan on letting people have access so they can host their game (Games on a site I go on (BYOND)).

I basically want them to be able to login, add their files, and not be able to view anyone elses. Then they can open PuTTy to host their game with the commands I show them.

MTK358 08-26-2011 01:01 PM
So you don't want them to be able to see other users' files?

What about system files (i.e. /usr, /etc, /bin, /var, etc.)?

Howey 08-26-2011 01:30 PM
That's right, and no I don't want them to be able to see system files.

Howey 08-26-2011 03:35 PM
Bump (Not sure if allowed to do bumps (yn) )

frieza 08-26-2011 03:48 PM
sounds like a job for chroot, though some system files such as /tmp, /dev, /proc, /bin , /usr/bin and /usr/local/bin as well as /lib, /usr/local/lib and /usr/lib are necessary to run any software.

wpeckham 08-27-2011 08:29 AM
Check your version of OpenSSH. The configuration parameter "ChrootDirectory" should be of special interest to you.
It makes the complexity and waste of traditional chroot containers obsolete AS LONG AS THE USERS ONLY ACCESS IS THROUGH SSH, which perfectly describes your situation.

Also check the 'match' parameter, it will allow your jail to only apply to members of a certain group.
There are examples and how-to documents on the OpenSSH sites.

Take care: Google may show you many obsolete means of accomplishing this! They can work, but with the latest versions it is very easy and does not involve recompiling packages or patching.

If your OpenSSH is not recent enough to support the easy way, check this HOW-TO (Or some of the others you can get using google): http://www.linuxquestions.org/linux/...n_Etch_Mepis_7


All times are GMT -5. The time now is 10:45 PM.