Whats the best way to set-up a user to run programs as?
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Whats the best way to set-up a user to run programs as?
Hi all,
I'm looking into and just wondering about just what it means when adding a user for use to run daemons/scripts or whatever. Basically whats the most secure way to create a user and allow this to happen. The way i do it is basically:-
groupadd testone
useradd -G testone testone
And then i'm thinking can you make that user more secure with making the shell default /bin/false and by adding the user in this way without use of a password is it possible to login as this user or does something else have to take place first maybe a `passwd`. In the state above of just adding the user and doing nothing else to it, how secure is that, could someone be able to login as that user even though there is no password for it....etc etc
Thanks...i know all about webmin...i'm know how to set the various parameters... the thing i'm looking for is would it make a user thats been created just for the use of running up a daemon to run in the users name or for running a script in that users name more secure if someone managed to compromise the daemon or script that was running the with that users privilege by changing things like the users shell to /bin/false etc etc and feel free to continue the list of how best to set-up a user for this purpose alone.
/sbin/nologin is common - e.g. apache user is set to this.
My best suggestion though, if you're concerned about the possibility of a compromised system, is to implement SELinux. It has had bad press - a lot of HowTo guides will tell you to disable it - but it is worth persisting with and is getting better with later releases, such as RHEL 5.1
Yeah i've heard alot i must say about SELinux, pretty much most of the times i've posted questions regarding a security type of question. I've just not had the time to look at it in good detail but i must get round to doing that. Thanks
Still any more ideas on my above questions to everyone??? Just what sort of state is a user in thats been created but not had a passwd assigned to it. I know through testing i don't seem to be able to login to a user of that sort but i'm able to run scripts etc as that user.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.