set up account/group with limited access

Jean-Christophe Valiere jyce at free.fr
Tue Aug 24 08:25:22 UTC 2004 

 What about using pdksh -r ??

Selon Alex Dyas <alex.dyas at psineteurope.com>:

> Bruce,
>
> A very simple example of such a thing would be the following script:
>
> --
> #!/bin/sh
> echo "Press return to exit the session"
> read dummyvar
> echo "Logging out"
> --
>
> Save this script as something like "/bin/restrictedlogin.sh".  Make sure it
> is
> executable by everyone, eg
>
> # chmod 755 /bin/restrictedlogin.sh
>
> Then make this script the login shell of the user in question, for example:
>
> # chsh testuser
> Changing shell for testuser.
> New shell [/usr/bin/ksh]: /bin/restrictedlogin.sh
> Shell changed.
>
> If all goes to plan, logging in with this testuser will now result in the
> script
>   running, but no interactive shell.
>
> You may want to read up a little on shell scripting to make it more
> interesting/robust.
>
> Hope this helps.
>
> Alex..
>
> -= Alex Dyas, DC Ops, PSINet Europe, Geneva, +41 22 783 6208 =-
>
>
> bruce wrote:
> > and the question is....
> >
> >   how do i do this..!!! ????
> >   what would the steps be??
> >   can you give me any pointers/precise directions!!!
> >
> > thanks!!
> >
> > -----Original Message-----
> > From: redhat-list-bounces at redhat.com
> > [mailto:redhat-list-bounces at redhat.com]On Behalf Of Alex Dyas
> > Sent: Monday, August 23, 2004 8:55 AM
> > To: bedouglas at earthlink.net; General Red Hat Linux discussion list
> > Subject: Re: set up account/group with limited access
> >
> >
> > bruce wrote:
> >
> >>hi,
> >>
> >>i want to setup a group/user to have limited access to a box. basically, i
> >>want to give a user the ability to login to the system, but not be able to
> >>do anything. ie, i don't want the user to be able to read/write/execute
> >>anything other than login to the system.
> >>
> >>i'd like to setup a group, if possible, that is configured with these
> >>restrictions. i'd then like to be able to have each user belong to this
> >>group, thereby having the restrictions that i mentioned...
> >>
> >>any ideas/thoughts on how i would/should go about doiing this??
> >>
> >>in case you're wondering why i'd need this,  i'm using puTTY to allow
> >
> > users
> >
> >>to access a website on a server, but i want to restrict access to users
> >
> > via
> >
> >>logging into the website, as well as via a cheap tunnel to the server via
> >>puTTY. this should give me a realtively cheap/reasonably secure process
> >
> > for
> >
> >>users accessing the site..
> >>
> >>thanks for any comments/pointers/etc...
> >>
> >>i'm using rh8.0
> >
> >
> > Hi Bruce,
> >
> > You may want to look at replacing the normal user's shell with a script
> that
> > doesn't let them do anything, but keeps them logged in for the session.
> > I've
> > used this technique in the past to create a simple menu system for users
> > that
> > would otherwise get lost on the command line.  Put the users in
> > un-privaledged
> > groups for added security.
> >
> > Alex..
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> >
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>


--
"Si la politique pouvait changer notre vie,
 cela ferait longtemps qu'elle serait interdite."
  - Federation Anarchiste de France -

More information about the redhat-list mailing list