account-restrictions

How to lock down Ubuntu linux so that only the active user can log in

How to lock down Ubuntu linux so that only the active user can log in I am new to linux and interested in only allow in login via direct access to the machine (active user). I don’t even want to be able to log in remotely myself. Can someone please point me in the right …

Total answers: 1

How to prevent other users from creating new SSH sessions?

How to prevent other users from creating new SSH sessions? When I work on Linux test server (Debian 11) I have root, and want block other users open new session to this server during my work. Is it possible? Asked By: tuytuy20 || Source Yes, it’s possible. See man sshd_config for information on how to …

Total answers: 2

Does /usr/sbin/nologin have any side effects?

Does /usr/sbin/nologin have any side effects? Background: We have a policy in the company to deactivate the login possibility as much as possible, which is understandable. I am just wondering if there are any other side effects if you specify /usr/sbin/nologin as the login shell of an account? Apart from the login capability are there …

Total answers: 2

How can I set up one-way scp?

How can I set up one-way scp? I’ve got a remote server my.server.com and I’d like to allow another user (stranger) to scp files onto the box. Goals: give as little access to the stranger user as possible stranger should not be able to log in at all if possible, arrange one-way copying – they …

Total answers: 2

Can a command be executed over ssh with a nologin user?

Can a command be executed over ssh with a nologin user? If a user has loginShell=/sbin/nologin is it still possible to ssh user@machine [command] assuming that the user has proper ssh keys in its home directory that can be used to authenticate? My goal is to keep the user as a nologin, but still able …

Total answers: 4

What commands does git use when communicating via ssh?

What commands does git use when communicating via ssh? Using command="" in authorized_keys, I can restrict the commands that can be run by a particular key. What commands do I need to allow in order to have a functioning git remote? From the Pro Git book I can infer that git-upload-pack and git-receive-pack are required, …

Total answers: 2

Restrict password-less backup with SFTP

Restrict password-less backup with SFTP I need to perform backup of a server to my computer using Duplicity: duplicity /etc sftp://backup@my.dynamic.ip.address//home/backup Before this can be done, I need to allow password-less access by doing the following: $ ssh-keygen $ ssh-copy-id backup@my.dynamic.ip.address $ ssh backup@my.dynamic.ip.address My question is, how do I restrict the command to just …

Total answers: 2

Limit FTP access only to the /var/www with vsftpd

Limit FTP access only to the /var/www with vsftpd I am running vsftpd as ftp server on my linux (rasbian), I log in to the machine as a root user. I would like to be still locked to using only /var/www, how can I configure vsftpd conf to accomplish it? Asked By: Badr Hari || …

Total answers: 4

Block Particular Command in Linux for Specific user

Block Particular Command in Linux for Specific user How to block command, let say mkdir for specific user ? What I did just created read-only function and store in users profile ~/.bashrc /bin/mkdir() { echo “mkdir command not allow for you” } mkdir() { echo “mkdir command not allow for you” } ./mkdir() { echo …

Total answers: 5

How can I create automatically expiring user accounts?

How can I create automatically expiring user accounts? This is what I’d like to be able to do: After a user’s account is created, they should be able to ssh-tunnel, but their account is automatically removed after 30 days unless the countdown is reset by the root user. How can I automate this? I’ll have …

Total answers: 3

How to hinder root from running a script

How to hinder root from running a script The Glassfish application server provides scripts to administer the application server and also start and stop them and I would like to restrict the root user from running this script. The reason is that some key developers forget to administer the server as the non-privileged user and …

Total answers: 2

How to add a ssh user who only has permissions to access specific folder?

How to add a ssh user who only has permissions to access specific folder? How to add an ssh user who only has permissions to access specific folder? useradd -d /var/www/xyz.com.tr/musteri -s /bin/bash -g sshd musteri I created a user called musteri. I set its home folder and group. So, I want to integrate musteri …

Total answers: 2

How to restrict an SSH user to only allow SSH-tunneling?

How to restrict an SSH user to only allow SSH-tunneling? How can I restrict a user on the SSH server to allow them only the privileges for SSH TUNNELING? i.e. So they cannot run commands even if they log in via SSH. My Linux servers are Ubuntu 11.04 and OpenWrt. Asked By: LanceBaynes || Source …

Total answers: 3

Do you need a shell for SCP?

Do you need a shell for SCP? I’m allowing a friend a local account on my machine, exclusively for SCP. Can I specify his account’s shell as /bin/true, or in any other way limit the account, while still allowing SCP? Asked By: user4518 || Source I recommend using rsync instead of scp. For users, it …

Total answers: 2

How do I completely disable an account?

How do I completely disable an account? How do I completely disable an account? passwd -l will not allow anyone to log into an account using a password but you can still log in via private/public keys. How would I disable the account completely? As a quickfix I renamed the file to authorized_keys_lockme. Is there …

Total answers: 6

Creating a UNIX account which only executes one command

Creating a UNIX account which only executes one command Is there a way to create a user account in Solaris which allows the users to run one command only? No login shell or anything else. I could possibly do it with /usr/bin/false in /etc/passwd and just get the user to ssh <hostname> <command>, but is …

Total answers: 3