restricted user

Muhammad Ahmad
Frequent Advisor
Hi,

I would like to create a user with the following access rights:

1. the user can't live outside his home directory structure
2. ordinary user can access his home directory structure

Thanks in advance.
-Br
-Ahmad
13 REPLIES
Steven E. Protter
Exalted Contributor

Re: restricted user

Shalom,

Using the restricted shell (rsh) will accomplish this goal.

You might also consider, if you use ssh, setting this user up as a chroot user.

http://docs.hp.com/en/5992-3387/ch05s06.html

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ganesan R
Honored Contributor

Re: restricted user

Hi Muhammad,

You need to configure the user with a chroot environment. Configuring chroot manually needs a lot of work. HP has provided a script to configure chroot simply.

You need to use the script /opt/ssh/ssh_chroot_setup.sh. This script will create a user and configure that user with a chroot environment.

Also read /opt/ssh/README.hp. It will give you the exact steps.
Best wishes,

Ganesh.
bright image
Frequent Advisor

Re: restricted user

If this is an ftp user you may want to look at the following links:

http://newfdawg.com/SHP-FTP-anon.htm

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1264911

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=115&prodSeriesId=3215373&prodTypeId=18964&objectID=c01516983
Md. Farhan A Azam
Trusted Contributor

Re: restricted user

Hi,

Just put /./ after the home directory,

(i.e. user1:4ZCqrSQpm07fk:110:20::/pgapsoft/pegains/CRBT/./:/bin/sh)

The user will not be able to move from the home directory.
Dennis Handly
Acclaimed Contributor

Re: restricted user

>Farhan: just put /./after home directory,

I tried this and this doesn't restrict cd with sh/ksh. Where did you hear about it?
Muhammad Ahmad
Frequent Advisor

Re: restricted user

Hi All,

Thanks for your time.

Farhan, I agree with Dennis.

Secondly, ftp restricted access is given to that user using "chroot" and it's running fine.

But in this case, only root can access that restricted user's home directory. We need to remove that restriction so that an ordinary user can also access his home directory structure, with the existing ftp restricted access for the user still in effect.

-Br
Ahmad
Ganesan R
Honored Contributor

Re: restricted user

Hi Muhammad,

By default, write permission will not be given to anyone other than the owner of the home directories. In this case only root and the owner can have write access.

If you want to give write access to others as well, use the chmod command and give write access to others.

If you are looking for something else, clarify in detail.
Best wishes,

Ganesh.
Md. Farhan A Azam
Trusted Contributor

Re: restricted user

Hi Dennis,

Sorry for the delay in response, I was out of office for the last few weeks.
Actually, this will work for an FTP user. Somehow it was posted. So sorry again.

Thanks,
Farhan
Dennis Handly
Acclaimed Contributor

Re: restricted user

>Farhan: this will work for FTP user

Yes, I later saw that for ftpaccess(4).
Muhammad Ahmad
Frequent Advisor

Re: restricted user

Hi Farhan/Dennis,

But in this case, we can't restrict the access of that user on the shell through telnet/ssh etc.

-Br
Ahmad
Ganesan R
Honored Contributor

Re: restricted user

Hi Muhammad,

If you want to restrict the telnet/ssh access, then change the shell to /bin/false.
Best wishes,

Ganesh.
Md. Farhan A Azam
Trusted Contributor

Re: restricted user

>Ganesan R: If you want to restrict the telnet/ssh access then change the shell to /bin/false.

In this scenario the user will not be able to log in to the server through telnet, as the user will not get any shell. I think this will work for ftp.
Johnson Punniyalingam
Honored Contributor

Re: restricted user

Hi Ahmad,

>>In this scenario the user will not be able to log in to the server through telnet, as the user will not get any shell. I think this will work for ftp.<<

Yes.

But are you looking for a "user id" which should be restricted to its own working directory only?

Can you please try the suggestion below on a (Development Server):

Create account: UserA

Edit the /etc/passwd file. Append a "./" to the end of the initial working

userA:cinUTe/NGII4.:505:125::/home/userA/./:/usr/bin/sh

Otherwise, you need to look for a restricted shell (or) jailroot.

Thanks,
Johnson
Problems are common to all, but attitude makes the difference
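
The `/./` home-directory marker and the login-shell choices discussed across this thread, as an added example that is not part of any post: a POSIX shell audit that splits passwd-format lines, reports the ftpd chroot root implied by `/./`, and shows whether a shell login is still unconfined. The sample lines are constructed (password fields replaced by `*`), and the `rsh`/`rksh` restricted-shell names are an assumption about the audited host.

```shell
#!/bin/sh
# Added example (not from the thread): audit passwd-format lines for the
# restrictions discussed above. Sample lines are constructed; the password
# field is replaced by "*".

# audit_entry LINE -> prints "user ftp_root shell_class verdict"
audit_entry() {
    IFS=: read -r user pw uid gid gecos home shell <<EOF
$1
EOF
    # ftpd guest convention: the text before "/./" is the chroot root.
    case $home in
        */./*) ftp_root=${home%%/./*} ;;
        *)     ftp_root=none ;;
    esac
    # Shell classification; the rsh/rksh names are an assumption about
    # where the restricted shells live on the audited host.
    case $shell in
        */false)      class=no-login ;;
        */rsh|*/rksh) class=restricted ;;
        *)            class=interactive ;;
    esac
    # The "/./" marker is honoured by ftpd only; an ordinary login shell
    # ignores it, so an interactive account can still cd anywhere.
    if [ "$class" = interactive ]; then
        verdict=shell-unconfined
    else
        verdict=shell-limited
    fi
    printf '%s %s %s %s\n' "$user" "$ftp_root" "$class" "$verdict"
}

# Constructed sample entries.
for entry in \
    'userA:*:505:125::/home/userA/./:/usr/bin/sh' \
    'userB:*:506:125::/home/userB/./:/bin/false' \
    'userC:*:507:125::/home/userC:/usr/bin/rsh'
do
    audit_entry "$entry"
done
```

An account that shows an ftp root together with `shell-unconfined` is the case raised in the thread: the FTP session is chrooted, but telnet/ssh logins are not.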