Unix and Linux Stack Exchange
Unix and Linux Stack Exchange

Questions tagged [account-restrictions]

107 questions
68
votes
3 answers

How to restrict an SSH user to only allow SSH-tunneling?

How can I restrict a user on the SSH server to allow them only the privileges for SSH TUNNELING? i.e. So they cannot run commands even if they log in via SSH. My Linux servers are Ubuntu 11.04 and OpenWrt.
LanceBaynes
  • 39,295
  • 97
  • 250
  • 349
51
votes
6 answers

How do I completely disable an account?

How do I completely disable an account? passwd -l will not allow anyone to log into an account using a password but you can still log in via private/public keys. How would I disable the account completely? As a quickfix I renamed the file to…
user4069
47
votes
4 answers

Limit FTP access only to the /var/www with vsftpd

I am running vsftpd as ftp server on my linux (rasbian), I log in to the machine as a root user. I would like to be still locked to using only /var/www, how can I configure vsftpd conf to accomplish it?
Badr Hari
  • 585
  • 1
  • 6
  • 8
40
votes
2 answers

Do you need a shell for SCP?

I'm allowing a friend a local account on my machine, exclusively for SCP. Can I specify his account's shell as /bin/true, or in any other way limit the account, while still allowing SCP?
user4518
28
votes
5 answers

Block Particular Command in Linux for Specific user

How to block command, let say mkdir for specific user ? What I did just created read-only function and store in users profile ~/.bashrc /bin/mkdir() { echo "mkdir command not allow for you" } mkdir() { echo "mkdir command not…
Rahul Patil
  • 24,281
  • 25
  • 80
  • 96
26
votes
2 answers

Give user read/write access to only one directory

I'm running a server, and I need to give read/write access to a particular directory to a single user. I've tried the following: sudo adduser abcd sudo groupadd abcdefg chown -R .abcdefg /var/www/allowfolder chmod -R g+rw…
Manishearth
  • 1,007
  • 2
  • 10
  • 12
25
votes
3 answers

Can a command be executed over ssh with a nologin user?

If a user has loginShell=/sbin/nologin is it still possible to ssh user@machine [command] assuming that the user has proper ssh keys in its home directory that can be used to authenticate? My goal is to keep the user as a nologin, but still able…
Centimane
  • 4,420
  • 2
  • 21
  • 45
24
votes
3 answers

How can I create automatically expiring user accounts?

This is what I'd like to be able to do: After a user's account is created, they should be able to ssh-tunnel, but their account is automatically removed after 30 days unless the countdown is reset by the root user. How can I automate this? I'll have…
Yusufmm
  • 394
  • 1
  • 3
  • 11
18
votes
2 answers

How to add a ssh user who only has permissions to access specific folder?

How to add an ssh user who only has permissions to access specific folder? useradd -d /var/www/xyz.com.tr/musteri -s /bin/bash -g sshd musteri I created a user called musteri. I set its home folder and group. So, I want to integrate musteri users…
Cell-o
  • 505
  • 2
  • 6
  • 17
15
votes
1 answer

Can I restrict a user to use special programs?

Is it possible to add a user and restrict him to run special programs? For example after this user logs in, he can only open Firefox to use Internet and no other programs can be run by this user. For example in a terminal, commands will not be…
M0εiπ
  • 1,259
  • 4
  • 14
  • 21
14
votes
3 answers

Creating a UNIX account which only executes one command

Is there a way to create a user account in Solaris which allows the users to run one command only? No login shell or anything else. I could possibly do it with /usr/bin/false in /etc/passwd and just get the user to ssh , but is…
Will Dowling
  • 143
  • 1
  • 6
14
votes
3 answers

Adding a user who can only execute scripts remotely

I would like to create a user who can only do one thing: via ssh specify a script ( and commandline arguments to the script ) that resides in one particular folder ( for the purposes of this question let us call it /local/remote_only_scripts/foo )…
HandyGandy
  • 2,201
  • 3
  • 23
  • 30
12
votes
2 answers

Restrict password-less backup with SFTP

I need to perform backup of a server to my computer using Duplicity: duplicity /etc sftp://[email protected]//home/backup Before this can be done, I need to allow password-less access by doing the following: $ ssh-keygen $ ssh-copy-id…
Question Overflow
  • 4,568
  • 19
  • 57
  • 84
10
votes
2 answers

How to hinder root from running a script

The Glassfish application server provides scripts to administer the application server and also start and stop them and I would like to restrict the root user from running this script. The reason is that some key developers forget to administer the…
tronda
  • 307
  • 3
  • 12
9
votes
4 answers

Restrict the times a user is allowed to log in

We have several Backbox 3.13 systems built on Ubuntu 12.04. One of my teenagers does not understand the concept of this thing called "sleep" and tends to get up to play on the computer. I'm trying to limit that action. We did try Nanny which worked…
user81117
  • 91
  • 1
  • 2
1
2 3 4 5 6 7 8