  1. #1

    How to add restricted user on CentOS

    Hi guys

    I would like to create a user on CentOS with restricted access. The main idea is to create a user where:

    1) The user will be able to perform specific commands such as ping, iptables, tracert, ifconfig.

    2) The user WILL NOT BE ABLE to navigate to root directory or to any other folder except his home directory.

    3) The user will be able to connect remotely with ssh.

    Can someone please guide me on how to perform the above configuration? I am not asking for a step-by-step guide, but just to know in which way I can add such a user, and from there I can do some studying. For example, I have read on a forum that you can add such a user using rssh or jailkit.

    Will I have to use apps such as rssh or jailkit for such users, or are there other ways? If such an application is needed, which one is the best?

    Thanks in advance for your help.

  2. #2
    Irithori
    GNU Rush might be worth a look.

    In general (local exploits excluded): A regular user by default does not have too many chances to kill anything or look at places (s)he isn't supposed to see (logfiles, /root, etc.).

    Yes, you would need to take care of the permissions and user/group of data directories, but the rest of a Linux directory structure is imho not secret.
    You must always face the curtain with a bow.

  3. #3

    Create a normal user in CentOS

    All users created in CentOS are by default standard users and not administrators.

    To create a user (in terminal):

    useradd <username>

    To set password for the user:

    passwd <username> - to set password
    passwd -d <username> - user can log in without a password

    For permissions and restrictions on the user, remove execute permission for other users from the programs you want to restrict.

    For example, if you want to prevent the user from using the wall command:

    Run the following commands:

    whereis wall - this will show the location of wall command
    chmod o-x <location shown by the above command>
    i.e., chmod o-x /usr/bin/wall

  4. #4
    You could specify in the sudoers file which commands that user will be able to run as root.

    However, letting a user run things like iptables and ifconfig is a bad idea and asking for trouble like security holes and service disruption.
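
The sudoers approach from post #4, narrowed to read-only iptables listings so the concern raised there about letting the user change the firewall does not apply. This is an added example, not part of the thread; the user name `netops`, the drop-in file name and the `/sbin/iptables` path are assumptions to adjust for the system.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: user name "netops",
# the drop-in file name, and /sbin/iptables (confirm with `command -v iptables`).

# Print a sudoers drop-in that lets user $1 run only two read-only
# iptables listings as root. When a sudoers rule spells out arguments,
# sudo requires an exact match, so "iptables -F" or "iptables -A ..."
# are refused for this user.
render_dropin() {
    user=$1
    # Reject names that could smuggle extra sudoers syntax into the file.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    cat <<EOF
Cmnd_Alias NET_READONLY = /sbin/iptables -L -n -v, /sbin/iptables -S
$user ALL = (root) NET_READONLY
EOF
}

# Render to a temp file, syntax-check it, then install it with the
# ownership and mode sudo expects. Must be run as root.
install_dropin() {
    user=$1
    dest=${2:-/etc/sudoers.d/50-$user-net}
    tmp=$(mktemp) || return 1
    render_dropin "$user" > "$tmp" || { rm -f "$tmp"; return 1; }
    # visudo -c -f parses the candidate file without touching the live
    # configuration; a broken sudoers file can lock out sudo entirely.
    visudo -c -f "$tmp" || { rm -f "$tmp"; return 1; }
    install -o root -g root -m 0440 "$tmp" "$dest"
    rm -f "$tmp"
}

# Usage (as root), after creating the account with useradd:
#   install_dropin netops
#   sudo -l -U netops    # lists what sudo will allow for that user
```

ping and a plain ifconfig listing work for an unprivileged user without any sudo rule, so only the iptables listings are granted here.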
