Results 1 to 4 of 4
Hi guys I would like to create a user on CentOS with restricted access. The main idea is to create a user where: 1) The user will be able to ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 04-03-2012 #1
- Join Date
- Sep 2011
How to add restrected user on CentOS
I would like to create a user on CentOS with restricted access. The main idea is to create a user where:
1) The user will be able to perform specific commands such as ,ping,iptables, tracert,ifconfig.
2) The user WILL NOT BE ABLE to navigate to root directory or to any other folder except his home directory.
3) The user will be able to connect remotely with ssh.
Can someone please guide me on how to perform the above configuration? I am not asking for a step by step guide but just to know in which way i can add such user and from there i can make some studying. For example i have read from a forum that you can add such a user using rssh, or jailkit.
Will i have to use apps such as rssh or jailkit for such users or there are other ways? In case of the need for such application, which one is the best?
Thanks in advance for your help.
- 04-03-2012 #2
GNU Rush might be worth a look.
In general (local exploits excluded): A regular user by default has not too many chances to kill anything or look at places (s)he isnt supposed to see. (logfiles, /root, etc)
Yes, you would need to take care about the permissions and user/group of data directories, but the rest of a linux directory structure is imho not secret.You must always face the curtain with a bow.
- 04-04-2012 #3
- Join Date
- Mar 2012
Create a normal user in CentOS
All user created in CentOS by default is a Standard user and not administrator.
To create a user (in terminal):
To set password for the user:
passwd <username> - to set password
passwd -d username - user can login without passwd
For permissions and restriction to the user. remove execute permission for other users for the programs you want to restrict.
For example, if u want the user from using wall command:
Run the following commands:
whereis wall - this will show the location of wall command
chmod o-x <location shown by the above command>
i.e., chmod o-x /usr/bin/wall
- 04-04-2012 #4
- Join Date
- May 2007
You could specify in the sudoers file which commands that user will be able to run as root.
However letting a user run things like iptables and ifconfig is a bad idea and asking for trouble like security holes and service disruption.