set up account/group with limited access

Ben Yau byau at cardcommerce.com
Wed Aug 25 16:16:37 UTC 2004 

Anytime you do false shells, remember to consider putting them in
/etc/shells to .  For example, if you use vacation on the account, if the
shell is not in /etc/shell, the vacation program won't work (this happened
to me just recently)


Ben Yau

=================================
310.235.2500 x232
Card Commerce International, Inc.
http://www.cardcommerce.com
=================================


> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]On Behalf Of Jean-Christophe
> Valiere
> Sent: Tuesday, August 24, 2004 1:25 AM
> To: General Red Hat Linux discussion list
> Subject: Re: set up account/group with limited access
>
>
>
>  What about using pdksh -r ??
>
> Selon Alex Dyas <alex.dyas at psineteurope.com>:
>
> > Bruce,
> >
> > A very simple example of such a thing would be the following script:
> >
> > --
> > #!/bin/sh
> > echo "Press return to exit the session"
> > read dummyvar
> > echo "Logging out"
> > --
> >
> > Save this script as something like "/bin/restrictedlogin.sh".
> Make sure it
> > is
> > executable by everyone, eg
> >
> > # chmod 755 /bin/restrictedlogin.sh
> >
> > Then make this script the login shell of the user in question,
> for example:
> >
> > # chsh testuser
> > Changing shell for testuser.
> > New shell [/usr/bin/ksh]: /bin/restrictedlogin.sh
> > Shell changed.
> >
> > If all goes to plan, logging in with this testuser will now
> result in the
> > script
> >   running, but no interactive shell.
> >
> > You may want to read up a little on shell scripting to make it more
> > interesting/robust.
> >
> > Hope this helps.
> >
> > Alex..
> >
> > -= Alex Dyas, DC Ops, PSINet Europe, Geneva, +41 22 783 6208 =-
> >
> >
> > bruce wrote:
> > > and the question is....
> > >
> > >   how do i do this..!!! ????
> > >   what would the steps be??
> > >   can you give me any pointers/precise directions!!!
> > >
> > > thanks!!
> > >
> > > -----Original Message-----
> > > From: redhat-list-bounces at redhat.com
> > > [mailto:redhat-list-bounces at redhat.com]On Behalf Of Alex Dyas
> > > Sent: Monday, August 23, 2004 8:55 AM
> > > To: bedouglas at earthlink.net; General Red Hat Linux discussion list
> > > Subject: Re: set up account/group with limited access
> > >
> > >
> > > bruce wrote:
> > >
> > >>hi,
> > >>
> > >>i want to setup a group/user to have limited access to a box.
> basically, i
> > >>want to give a user the ability to login to the system, but
> not be able to
> > >>do anything. ie, i don't want the user to be able to
> read/write/execute
> > >>anything other than login to the system.
> > >>
> > >>i'd like to setup a group, if possible, that is configured with these
> > >>restrictions. i'd then like to be able to have each user
> belong to this
> > >>group, thereby having the restrictions that i mentioned...
> > >>
> > >>any ideas/thoughts on how i would/should go about doiing this??
> > >>
> > >>in case you're wondering why i'd need this,  i'm using puTTY to allow
> > >
> > > users
> > >
> > >>to access a website on a server, but i want to restrict
> access to users
> > >
> > > via
> > >
> > >>logging into the website, as well as via a cheap tunnel to
> the server via
> > >>puTTY. this should give me a realtively cheap/reasonably
> secure process
> > >
> > > for
> > >
> > >>users accessing the site..
> > >>
> > >>thanks for any comments/pointers/etc...
> > >>
> > >>i'm using rh8.0
> > >
> > >
> > > Hi Bruce,
> > >
> > > You may want to look at replacing the normal user's shell
> with a script
> > that
> > > doesn't let them do anything, but keeps them logged in for
> the session.
> > > I've
> > > used this technique in the past to create a simple menu
> system for users
> > > that
> > > would otherwise get lost on the command line.  Put the users in
> > > un-privaledged
> > > groups for added security.
> > >
> > > Alex..
> > >
> > >
> > > --
> > > redhat-list mailing list
> > > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> > >
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
>
> --
> "Si la politique pouvait changer notre vie,
>  cela ferait longtemps qu'elle serait interdite."
>   - Federation Anarchiste de France -
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

More information about the redhat-list mailing list