Re: set up account/group with limited access

[Alex Dyas <alex.dyas@xxxxxxxxxxxxxxxx>]

Bruce,

A very simple example of such a thing would be the following script:

--
#!/bin/sh
echo "Press return to exit the session"
read dummyvar
echo "Logging out"
--

Save this script as something like "/bin/restrictedlogin.sh".  Make sure it is 
executable by everyone, eg

# chmod 755 /bin/restrictedlogin.sh

Then make this script the login shell of the user in question, for example:

# chsh testuser
Changing shell for testuser.
New shell [/usr/bin/ksh]: /bin/restrictedlogin.sh
Shell changed.

If all goes to plan, logging in with this testuser will now result in the script 
 running, but no interactive shell.

You may want to read up a little on shell scripting to make it more 
interesting/robust.

Hope this helps.

Alex..

-= Alex Dyas, DC Ops, PSINet Europe, Geneva, +41 22 783 6208 =-


bruce wrote:
> and the question is....
>
>   how do i do this..!!! ????
>   what would the steps be??
>   can you give me any pointers/precise directions!!!
>
> thanks!!
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Alex Dyas
> Sent: Monday, August 23, 2004 8:55 AM
> To: bedouglas@xxxxxxxxxxxxx; General Red Hat Linux discussion list
> Subject: Re: set up account/group with limited access
>
>
> bruce wrote:
>
> > hi,
> >
> > i want to setup a group/user to have limited access to a box. basically, i
> > want to give a user the ability to login to the system, but not be able to
> > do anything. ie, i don't want the user to be able to read/write/execute
> > anything other than login to the system.
> >
> > i'd like to setup a group, if possible, that is configured with these
> > restrictions. i'd then like to be able to have each user belong to this
> > group, thereby having the restrictions that i mentioned...
> >
> > any ideas/thoughts on how i would/should go about doiing this??
> >
> > in case you're wondering why i'd need this,  i'm using puTTY to allow
>
> users
>
> > to access a website on a server, but i want to restrict access to users
>
> via
>
> > logging into the website, as well as via a cheap tunnel to the server via
> > puTTY. this should give me a realtively cheap/reasonably secure process
>
> for
>
> > users accessing the site..
> >
> > thanks for any comments/pointers/etc...
> >
> > i'm using rh8.0
>
>
> Hi Bruce,
>
> You may want to look at replacing the normal user's shell with a script that
> doesn't let them do anything, but keeps them logged in for the session.
> I've
> used this technique in the past to create a simple menu system for users
> that
> would otherwise get lost on the command line.  Put the users in
> un-privaledged
> groups for added security.
>
> Alex..
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list