set up account/group with limited access
Alex Dyas
alex.dyas at psineteurope.com
Tue Aug 24 07:25:12 UTC 2004
Bruce,
A very simple example of such a thing would be the following script:
--
#!/bin/sh
echo "Press return to exit the session"
read dummyvar
echo "Logging out"
--
Save this script as something like "/bin/restrictedlogin.sh". Make sure it is
executable by everyone, eg
# chmod 755 /bin/restrictedlogin.sh
Then make this script the login shell of the user in question, for example:
# chsh testuser
Changing shell for testuser.
New shell [/usr/bin/ksh]: /bin/restrictedlogin.sh
Shell changed.
If all goes to plan, logging in with this testuser will now result in the script
running, but no interactive shell.
You may want to read up a little on shell scripting to make it more
interesting/robust.
Hope this helps.
Alex..
-= Alex Dyas, DC Ops, PSINet Europe, Geneva, +41 22 783 6208 =-
bruce wrote:
> and the question is....
>
> how do i do this..!!! ????
> what would the steps be??
> can you give me any pointers/precise directions!!!
>
> thanks!!
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]On Behalf Of Alex Dyas
> Sent: Monday, August 23, 2004 8:55 AM
> To: bedouglas at earthlink.net; General Red Hat Linux discussion list
> Subject: Re: set up account/group with limited access
>
>
> bruce wrote:
>
>>hi,
>>
>>i want to setup a group/user to have limited access to a box. basically, i
>>want to give a user the ability to login to the system, but not be able to
>>do anything. ie, i don't want the user to be able to read/write/execute
>>anything other than login to the system.
>>
>>i'd like to setup a group, if possible, that is configured with these
>>restrictions. i'd then like to be able to have each user belong to this
>>group, thereby having the restrictions that i mentioned...
>>
>>any ideas/thoughts on how i would/should go about doiing this??
>>
>>in case you're wondering why i'd need this, i'm using puTTY to allow
>
> users
>
>>to access a website on a server, but i want to restrict access to users
>
> via
>
>>logging into the website, as well as via a cheap tunnel to the server via
>>puTTY. this should give me a realtively cheap/reasonably secure process
>
> for
>
>>users accessing the site..
>>
>>thanks for any comments/pointers/etc...
>>
>>i'm using rh8.0
>
>
> Hi Bruce,
>
> You may want to look at replacing the normal user's shell with a script that
> doesn't let them do anything, but keeps them logged in for the session.
> I've
> used this technique in the past to create a simple menu system for users
> that
> would otherwise get lost on the command line. Put the users in
> un-privaledged
> groups for added security.
>
> Alex..
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
More information about the redhat-list
mailing list