LinuxQuestions.org


nixel 05-12-2004 09:54 AM

restricting ssh users from certain programs/files
 
hi all. i want to restrict my other ssh users from certain files, directories and programs. problem is i don't know exactly the way to approach this.

i have 3 users that can log into linux...root, nixel, and shyet. nixel and shyet are under the group names "users". users can run nmap and view certain files. what if i want shyet unable to view/run a file, but i want nixel to be able to view/run a file while still being a regular user and without root priv? how do i go about setting permissions?

i was thinking making a new group "remote" set aside for my ssh users. if this is the solution, how do i go about making a group? i know it has something to do with /etc/group file but i want this "remote" group to have less privileges than the "users" group. i don't know what to put in the file.

thanks in advance.

Technoslave 05-12-2004 11:18 AM

Well, first, you shouldn't be logging in as root, you should be logging in as yourself and then using sudo to run anything you need to as root.

That's the first biggy.

As to your answer, SSH is nothing more than a transport. It's not a shell. What you're looking for is a customized shell. Do a search on customized shell, restricted shell, things of that nature, I've seen it posted here a few times, you should be able to get a couple of hits.

iainr 05-12-2004 01:29 PM

Hi nixel,

What you're trying to achieve is reasonably straightforward; find a website that explains file permissions, users and groups and make sure you understand that; it should give you enough information to do not only what you want here, but any other variations that come along.

nixel 05-12-2004 03:01 PM

got it thanks guys. i set all remote users to the group "remote" and chgrp local <dir> to set "local" group as ownership so "remote" group can't access.

i have another question though. how do i search for files with read, write, or exec in 'others'? ie. ( -rwxr-xr-x...search for anything read,write,OR exec )

jschiwal 05-12-2004 10:00 PM

find / -xdev -perm 0764
will locate all files with rwxrw-r--

The permissions listed as octal numbers will match exactly. If you are just interested in the others permissions mask, use a symbolic argument.

To see which files are world readable: find / -xdev -perm -o+r
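
Added example, not part of the post above or of the thread: the three `-perm` match forms run against a constructed scratch tree, including the "read, write, OR exec for others" case asked about earlier. It assumes GNU find (for the `/mode` form and `-printf`); the function names and sample files are made up for the illustration.

```shell
#!/bin/sh
# Added illustration: exact, "all of" and "any of" matching with find -perm.

make_tree() {
    # Constructed sample files; each name encodes the mode it is given.
    dir=$(mktemp -d) || return 1
    for mode in 0764 0755 0750 0701 0640 0602; do
        : > "$dir/f$mode"
        chmod "$mode" "$dir/f$mode"
    done
    printf '%s\n' "$dir"
}

# No prefix: the mode must be exactly rwxrw-r-- (0764).
exact_0764() { find "$1" -xdev -type f -perm 0764 -printf '%f\n' | sort; }

# "-" prefix: every listed bit must be set (others-read); other bits are ignored.
world_readable() { find "$1" -xdev -type f -perm -o+r -printf '%f\n' | sort; }

# "/" prefix: any one listed bit is enough (others read OR write OR exec).
# Older GNU find releases spelled this form "+mode".
any_other_access() { find "$1" -xdev -type f -perm /o+rwx -printf '%f\n' | sort; }

# World-writable files are the subset an audit normally reviews first.
world_writable() { find "$1" -xdev -type f -perm -o+w -printf '%f\n' | sort; }

# Demo run on the scratch tree, then clean up.
tree=$(make_tree)
echo "exact 0764       : $(exact_0764 "$tree" | tr '\n' ' ')"
echo "others can read  : $(world_readable "$tree" | tr '\n' ' ')"
echo "others any access: $(any_other_access "$tree" | tr '\n' ' ')"
echo "others can write : $(world_writable "$tree" | tr '\n' ' ')"
rm -rf "$tree"
```

On a real system, replace the scratch directory with `/` and keep `-xdev` so the search stays on one filesystem.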

nixel 05-13-2004 12:54 AM

the find command seems to use a lot of memory! thanks for the responses. and the explanation of symbolic argument. just what i was looking for.
:)


All times are GMT -5.