Anytime you do false shells, remember to consider putting them in /etc/shells to . For example, if you use vacation on the account, if the shell is not in /etc/shell, the vacation program won't work (this happened to me just recently) Ben Yau ================================= 310.235.2500 x232 Card Commerce International, Inc. http://www.cardcommerce.com ================================= > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Jean-Christophe > Valiere > Sent: Tuesday, August 24, 2004 1:25 AM > To: General Red Hat Linux discussion list > Subject: Re: set up account/group with limited access > > > > What about using pdksh -r ?? > > Selon Alex Dyas <alex.dyas@xxxxxxxxxxxxxxxx>: > > > Bruce, > > > > A very simple example of such a thing would be the following script: > > > > -- > > #!/bin/sh > > echo "Press return to exit the session" > > read dummyvar > > echo "Logging out" > > -- > > > > Save this script as something like "/bin/restrictedlogin.sh". > Make sure it > > is > > executable by everyone, eg > > > > # chmod 755 /bin/restrictedlogin.sh > > > > Then make this script the login shell of the user in question, > for example: > > > > # chsh testuser > > Changing shell for testuser. > > New shell [/usr/bin/ksh]: /bin/restrictedlogin.sh > > Shell changed. > > > > If all goes to plan, logging in with this testuser will now > result in the > > script > > running, but no interactive shell. > > > > You may want to read up a little on shell scripting to make it more > > interesting/robust. > > > > Hope this helps. > > > > Alex.. > > > > -= Alex Dyas, DC Ops, PSINet Europe, Geneva, +41 22 783 6208 =- > > > > > > bruce wrote: > > > and the question is.... > > > > > > how do i do this..!!! ???? > > > what would the steps be?? > > > can you give me any pointers/precise directions!!! > > > > > > thanks!! > > > > > > -----Original Message----- > > > From: redhat-list-bounces@xxxxxxxxxx > > > [mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Alex Dyas > > > Sent: Monday, August 23, 2004 8:55 AM > > > To: bedouglas@xxxxxxxxxxxxx; General Red Hat Linux discussion list > > > Subject: Re: set up account/group with limited access > > > > > > > > > bruce wrote: > > > > > >>hi, > > >> > > >>i want to setup a group/user to have limited access to a box. > basically, i > > >>want to give a user the ability to login to the system, but > not be able to > > >>do anything. ie, i don't want the user to be able to > read/write/execute > > >>anything other than login to the system. > > >> > > >>i'd like to setup a group, if possible, that is configured with these > > >>restrictions. i'd then like to be able to have each user > belong to this > > >>group, thereby having the restrictions that i mentioned... > > >> > > >>any ideas/thoughts on how i would/should go about doiing this?? > > >> > > >>in case you're wondering why i'd need this, i'm using puTTY to allow > > > > > > users > > > > > >>to access a website on a server, but i want to restrict > access to users > > > > > > via > > > > > >>logging into the website, as well as via a cheap tunnel to > the server via > > >>puTTY. this should give me a realtively cheap/reasonably > secure process > > > > > > for > > > > > >>users accessing the site.. > > >> > > >>thanks for any comments/pointers/etc... > > >> > > >>i'm using rh8.0 > > > > > > > > > Hi Bruce, > > > > > > You may want to look at replacing the normal user's shell > with a script > > that > > > doesn't let them do anything, but keeps them logged in for > the session. > > > I've > > > used this technique in the past to create a simple menu > system for users > > > that > > > would otherwise get lost on the command line. Put the users in > > > un-privaledged > > > groups for added security. > > > > > > Alex.. > > > > > > > > > -- > > > redhat-list mailing list > > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > -- > "Si la politique pouvait changer notre vie, > cela ferait longtemps qu'elle serait interdite." > - Federation Anarchiste de France - > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
