Shared SSH Server

[Jawshie]

---

I have been using Linux for about 1.5 years. I am still a noob but feel free to go techy on me

I am setting up a machine on my campus for a professor who wants to let users log in via SSH and do some coding projects. I have the machine set up (Ubuntu 8.04.1 server) with SSH and everything. I am creating users on request instead of setting it up on our AD domain (btw, any info on this too would be great).

My main concern is that the way it is set up right now, students can access other students' (or the professor's) home directory. Other than setting this manually, how can I set it up so that when I create a new user (via Webmin OR 'adduser') that permissions for home directories are set such that they are kept "private?"

Also, is there a script or could somebody assist in writing a script that would do this for many many users? I sometimes have to add classfulls of users at a time. Would validating against AD be a better idea and would it automatically set home folders as private? I have read a little about setting this up with Samba, but any easy-to-understand guide that isnt a mile long (like on Samba's website....) would be greatly appreciated.

Thank you all for your help!

[coopstah13]

Setting it up to authenticate to a windows domain should be fairly simple/straightforward, the only catch is you need administrator access to the domain to add this machine to it, if you don't have that, then you can't do anything no matter what. If you want to make the user's home folders only visible to their owners, just do

Code:

sudo chmod -R 700 /home

Then no one will be able to see inside anyone else's home folder

[coopstah13]

possible script, named adduser.sh

Code:

#!/bin/bash
sudo adduser $1
sudo chmod -R 700 /home/$1

call this script with ./adduser.sh <username>

[Jawshie]

Thank you for your quick reply

I have set up disk quotas now and am wondering if there is a way to implement setting up the quota's in the script? Each user is limited to 100MBs Hard and Soft.

[coopstah13]

you should be able to just add the quota commands to that script file, I've never done anything with quotas, so I can't help you there

[ohgary]

I would move the prof into his own group and
then put the students into there own group.
Set the system UMASK tigher and update your
/etc/skel files to not allow data accress users.

Check /etc/profile and change the UMASK there
or depending on the release (dont have ubuntu handy now to check)
/etc/profile should have a UMASK line for system wide option or set the option in the users bashrc file.