
restricted user

 
Muhammad Ahmad
Frequent Advisor

restricted user

Hi,

I would like to create a user with the following access rights:

1. the user can't live outside his home directory structure
2. ordinary user can access his home directory structure

Thanks in advance.
-Br
-Ahmad
Steven E. Protter
Exalted Contributor

Re: restricted user

Shalom,

Using the restricted shell (rsh) will accomplish this goal.

You might also consider, if you use ssh, setting this user up as a chroot user.

http://docs.hp.com/en/5992-3387/ch05s06.html

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ganesan R
Honored Contributor

Re: restricted user

Hi Muhammad,

You need to configure the user with a chroot environment. Configuring chroot manually needs a lot of work. HP has provided a script to configure chroot simply.

You need to use the script /opt/ssh/ssh_chroot_setup.sh. This script will create a user and configure that user with a chroot environment.

Also read /opt/ssh/README.hp. It will give you the exact steps.
Best wishes,

Ganesh.
bright image
Frequent Advisor

Re: restricted user

If this is an ftp user you may want to look at the following links:

http://newfdawg.com/SHP-FTP-anon.htm

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1264911

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=115&prodSeriesId=3215373&prodTypeId=18964&objectID=c01516983
Md. Farhan A Azam
Trusted Contributor

Re: restricted user

Hi,

Just put /./ after the home directory,

(i.e. user1:4ZCqrSQpm07fk:110:20::/pgapsoft/pegains/CRBT/./:/bin/sh)

The user will not be able to move from the home directory.
Dennis Handly
Acclaimed Contributor

Re: restricted user

>Farhan: just put /./after home directory,

I tried this and this doesn't restrict cd with sh/ksh. Where did you hear about it?
Muhammad Ahmad
Frequent Advisor

Re: restricted user

Hi All,

Thanks for your time.

Farhan, I agree with Dennis.

Secondly, ftp restricted access is given to that user using "chroot" and it's running fine.

But in this case, only root can access that restricted user's home directory. We need to remove that restriction so that an ordinary user can also access his home directory structure, with the existing ftp restricted access for the user still in effect.

-Br
Ahmad
Ganesan R
Honored Contributor

Re: restricted user

Hi Muhammad,

By default, write permission will not be given to anyone other than the owner of the home directories. In this case only root and the owner can have write access.

If you want to give write access to others as well, use the chmod command and give write access to others.

If you are looking for something else, clarify in detail.
Best wishes,

Ganesh.
Md. Farhan A Azam
Trusted Contributor

Re: restricted user

Hi Dennis,

Sorry for the delay in response, I was out of office for the last few weeks.
Actually, this will work for an FTP user... somehow it was posted... So sorry again.


Thanks Farhan
Dennis Handly
Acclaimed Contributor

Re: restricted user

>Farhan: this will work for FTP user

Yes, I later saw that for ftpaccess(4).
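
An added example, not written by any poster in this thread: a shell function that lists passwd entries using the `/./` marker discussed above and flags those that still carry an interactive shell. As reported in the thread, the marker is honoured for FTP per ftpaccess(4) and does not restrict `cd` under sh/ksh. The sample accounts and the list of no-login shells are constructed assumptions.

```sh
#!/bin/sh
# Added example: audit passwd-format entries that use the "/./" marker.
# ftpaccess(4) guest accounts: text before "/./" is the chroot root,
# text after it is the start directory inside that root.

# Shells counted as "no interactive login" (assumed list; adjust per site).
NOLOGIN_SHELLS="/usr/bin/false /bin/false /sbin/nologin /usr/sbin/nologin"

# audit_passwd [FILE] -> user|chroot_root|start_dir|shell|verdict
# Reads stdin when FILE is omitted. Entries without "/./" are skipped.
audit_passwd() {
    awk -F: -v nologin="$NOLOGIN_SHELLS" '
    BEGIN { n = split(nologin, a, " "); for (i = 1; i <= n; i++) deny[a[i]] = 1 }
    /^#/ || NF < 7 { next }
    {
        home = $6; shell = $7
        pos = index(home, "/./")
        if (pos == 0) next
        root = substr(home, 1, pos - 1)
        start = "/" substr(home, pos + 3)
        sub(/\/+$/, "", start)
        if (start == "") start = "/"
        if (root == "")
            verdict = "chroot-is-root-fs"      # "/./x": chroot("/") confines nothing
        else if (shell in deny)
            verdict = "no-login-shell"
        else
            verdict = "shell-unconfined"       # sh/ksh login ignores the marker
        if (root == "") root = "/"
        printf "%s|%s|%s|%s|%s\n", $1, root, start, shell, verdict
    }' "${1:--}"
}

# Constructed sample accounts (not real entries).
sample_passwd() {
    cat <<'EOF'
ftpguest:*:201:20::/home/ftp/./incoming:/usr/bin/false
user1:*:110:20::/pgapsoft/pegains/CRBT/./:/bin/sh
wide:*:203:20::/./home/wide:/usr/bin/false
plain:*:202:20::/home/plain:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

Run against a copy of the real file with `audit_passwd /etc/passwd`; any `shell-unconfined` line is an account that is chrooted over FTP only and can still leave its home directory from a shell login.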