Hi all. I want to restrict my other ssh users from certain files, directories and programs. Problem is I don't know exactly the way to approach this.
I have 3 users that can log into Linux...root, nixel, and shyet. nixel and shyet are under the group name "users". Users can run nmap and view certain files. What if I want shyet unable to view/run a file, but I want nixel to be able to view/run a file while still being a regular user and without root priv? How do I go about setting permissions?
I was thinking of making a new group "remote" set aside for my ssh users. If this is the solution, how do I go about making a group? I know it has something to do with the /etc/group file but I want this "remote" group to have fewer privileges than the "users" group. I don't know what to put in the file.
Well, first, you shouldn't be logging in as root, you should be logging in as yourself and then using sudo to run anything you need to as root.
That's the first biggy.
As to your answer, SSH is nothing more than a transport. It's not a shell. What you're looking for is a customized shell. Do a search on customized shell, restricted shell, things of that nature, I've seen it posted here a few times, you should be able to get a couple of hits.
What you're trying to achieve is reasonably straightforward; find a website that explains file permissions, users and groups and make sure you understand that; it should give you enough information to do not only what you want here, but any other variations that come along.
Got it, thanks guys. I set all remote users to the group "remote" and ran chgrp local <dir> to set the "local" group as ownership so the "remote" group can't access it.
I have another question though. How do I search for files with read, write, or exec in 'others'? i.e. ( -rwxr-xr-x...search for anything read, write, OR exec )
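
The search asked about in the follow-up above, as an added example that is not part of the original thread: `find`'s `-perm /MODE` form (GNU findutils) matches when any of the listed bits is set, so `/007` lists everything that is readable, writable or executable by others. The sample tree, its file names and the chosen modes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tree for "others" permission bits.
# -perm /007 is true if ANY of o+r, o+w, o+x is set; -perm -007 would need ALL.

# Files and directories under $1 that others can read, write OR execute.
others_accessible() {
    find "$1" \( -type f -o -type d \) -perm /007 -print | LC_ALL=C sort
}

# Narrower check: entries that others can write to.
others_writable() {
    find "$1" \( -type f -o -type d \) -perm /002 -print | LC_ALL=C sort
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1          # mktemp -d creates the directory as 0700
    mkdir "$d/local_only"
    : > "$d/local_only/notes.txt"
    : > "$d/script.sh"
    : > "$d/scratch.txt"
    : > "$d/private.key"
    # Assumption: the directory handed to a trusted group with chgrp also has
    # every "others" bit removed (750); chgrp alone does not change the mode.
    chmod 750 "$d/local_only"
    chmod 640 "$d/local_only/notes.txt"
    chmod 755 "$d/script.sh"            # others: r-x  -> reported
    chmod 666 "$d/scratch.txt"          # others: rw-  -> reported, and writable
    chmod 600 "$d/private.key"          # others: ---  -> not reported
    printf '%s\n' "$d"
}

# Demo run on the constructed tree.
tree=$(make_sample_tree)
echo "Accessible by others:"
others_accessible "$tree"
echo "Writable by others:"
others_writable "$tree"
rm -rf "$tree"
```

Anything the first function prints inside a directory meant for one group only still has an "others" bit set and needs `chmod o-rwx`.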