
#1 2011-01-12 03:11:13

colbert
Member
Registered: 2007-12-16
Posts: 809

Few ?s re: Adding user/SSH/restricting

I want to set up a user that can SSH into my box but is restricted to his home directory. So let's say I make user guest; they shouldn't be allowed to venture outside of /home/guest, or access anything outside of /home/guest, period. A few questions; the more I google, the more I am getting confused by all the varying answers:

1. Doing useradd, what group do I put for this user guest?
2. How to do the restriction? I have read about rbash but that supposedly only locks the user out of cd'ing outside the /home/guest, but not accessing outside (ls, mv, etc.) ??
3. Say I give the user+pass for guest to a friend, he SSH's into my box, now how can I in realtime view his shell session? (Watch him cd/ls/etc.)
4. How would I terminate the SSH session of the guest myself?

Many thanks for any help :)


#2 2011-01-12 04:35:08

thestinger
Package Maintainer (PM)
From: Toronto, Canada
Registered: 2010-01-23
Posts: 478

Re: Few ?s re: Adding user/SSH/restricting

*nix is designed as multi-user, so if you just make a user that's in the users group (just use adduser if you're not sure about useradd), they won't be able to harm anything outside of their home directory unless you have messed up the default (fairly secure) settings. You might want to set up quotas if you're worried about them filling /tmp, /home or the various world-writable directories in /var.

Completely taking away read access from /usr, /bin, etc. would stop them from running anything. Just make sure your home directory is set to 700 permissions and you don't have anything private outside of there.

Question 3 can be answered by a quick Google search:
http://serverfault.com/questions/12419/ … -real-time

4. pkill, kill, killall? or just kill sshd

Last edited by thestinger (2011-01-12 04:38:35)
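
A way to check the two things the reply above relies on, home directories at 700 and the world-writable directories a guest account can fill, added here as an example and not part of the thread. The function names are made up for this example, and it assumes a find that supports -mindepth/-maxdepth.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# List home directories under $1 (default /home) whose mode grants any
# group or other permission, i.e. anything looser than 700.
loose_homes() {
    base=${1:-/home}
    find "$base" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -001 -o -perm -002 -o -perm -004 \
           -o -perm -010 -o -perm -020 -o -perm -040 \) -print | sort
}

# List world-writable directories under the given trees: the places an
# unprivileged account can fill, so the ones quotas should cover.
world_writable_dirs() {
    find "$@" -xdev -type d -perm -0002 -print 2>/dev/null | sort
}

# Subset of the above without the sticky bit: there, any user can remove
# or replace files that belong to other users.
world_writable_no_sticky() {
    find "$@" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Full report over the directories named in the reply.
report() {
    echo "Home directories looser than 700:"
    loose_homes /home
    echo "World-writable directories in /tmp and /var:"
    world_writable_dirs /tmp /var
    echo "World-writable without the sticky bit:"
    world_writable_no_sticky /tmp /var
}

# Run as: sh audit.sh report
if [ "${1:-}" = "report" ]; then
    report
fi
```

Any path printed by loose_homes can be tightened with chmod 700; anything printed by world_writable_no_sticky deserves a look before the guest account is handed out.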
