-
Shared SSH Server
I have been using Linux for about 1.5 years. I am still a noob but feel free to go techy on me ;)
I am setting up a machine on my campus for a professor who wants to let users log in via SSH and do some coding projects. I have the machine set up (Ubuntu 8.04.1 server) with SSH and everything. I am creating users on request instead of setting it up on our AD domain (btw, any info on this too would be great).
My main concern is that the way it is set up right now, students can access other students' (or the professor's) home directory. Other than setting this manually, how can I set it up so that when I create a new user (via Webmin OR 'adduser') that permissions for home directories are set such that they are kept "private?"
Also, is there a script or could somebody assist in writing a script that would do this for many many users? I sometimes have to add classfuls of users at a time. Would validating against AD be a better idea and would it automatically set home folders as private? I have read a little about setting this up with Samba, but any easy-to-understand guide that isn't a mile long (like on Samba's website....) would be greatly appreciated.
Thank you all for your help!
-
Setting it up to authenticate to a Windows domain should be fairly simple/straightforward. The only catch is that you need administrator access to the domain to add this machine to it; if you don't have that, then you can't do anything no matter what. If you want to make the users' home folders only visible to their owners, just do
Code:
# Restrict each home directory itself; /home must stay traversable so users can reach their own.
sudo chmod 700 /home/*
Then no one will be able to see inside anyone else's home folder.
-
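Possible script, named adduser.sh
Code:
#!/bin/bash
# Create the account, then make its home directory accessible only to its owner.
# The username is quoted so it is always passed as a single argument.
sudo adduser "$1"
sudo chmod 700 "/home/$1"
Call this script with ./adduser.sh <username>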
-
Thank you for your quick reply :)
I have set up disk quotas now and am wondering if there is a way to implement setting up the quotas in the script? Each user is limited to 100 MB hard and soft.
-
You should be able to just add the quota commands to that script file. I've never done anything with quotas, so I can't help you there.
-
I would move the prof into his own group and then put the students into their own group.
Set the system UMASK tighter and update your /etc/skel files to not allow data across users.
Check /etc/profile and change the UMASK there, or, depending on the release (don't have Ubuntu handy now to check), /etc/profile should have a UMASK line for a system-wide option, or set the option in the user's bashrc file.
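
The pieces discussed in this thread (bulk creation, private home directories, a 100 MB quota) combined into one script, as an added example that is not code from any of the posters. The input file format, the `RUN` dry-run switch, the `/home` quota filesystem and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: bulk-create accounts with private homes and a 100 MB quota.
# Assumptions: one username per line in the input file, and quotas already
# enabled on the filesystem holding /home. Usage: ./bulk_adduser.sh class.txt
export LC_ALL=C               # make the a-z ranges below byte-exact
RUN=${RUN:-sudo}              # RUN=echo prints the commands instead (dry run)
QUOTA_FS=${QUOTA_FS:-/home}   # assumed quota-enabled mount point
QUOTA_KB=102400               # 100 MB in 1 KiB blocks (soft and hard limit)

# Accept only conservative login names, so a line such as "-R" or "../etc"
# never reaches adduser as an option or ends up inside a /home/... path.
valid_username() {
    case $1 in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Create one account, make its home owner-only, then apply the quota.
create_user() {
    if ! valid_username "$1"; then
        echo "skipping invalid username: $1" >&2
        return 1
    fi
    # No password is set here; credentials are handed out separately.
    $RUN adduser --disabled-password --gecos "" "$1" || return 1
    $RUN chmod 700 "/home/$1" || return 1
    # setquota -u USER block-soft block-hard inode-soft inode-hard FILESYSTEM
    $RUN setquota -u "$1" "$QUOTA_KB" "$QUOTA_KB" 0 0 "$QUOTA_FS"
}

# Process a list file, skipping blank lines and "#" comments, and print a
# summary line "created=N rejected=M".
create_users_from_file() {
    ok=0 bad=0
    while IFS= read -r user || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac
        if create_user "$user" </dev/null; then
            ok=$((ok + 1))
        else
            bad=$((bad + 1))
        fi
    done < "$1"
    echo "created=$ok rejected=$bad"
}

if [ "$#" -eq 1 ]; then
    create_users_from_file "$1"
fi
```

Running it with `RUN=echo` shows the exact commands before anything is changed. Setting `DIR_MODE=0700` in /etc/adduser.conf makes adduser apply the same mode itself to every new home directory.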