[gentoo-user] Re: Creating a restricted user

2007-12-14 Thread Alexander Skwar
Grant [EMAIL PROTECTED] wrote:

 then can't log in via GDM.  Makes sense.  I want the user to be able
 to log in via GDM but not via ssh.  Is that configured in ssh?

Yes, you can configure that in SSH. There are the 

DenyUsers
DenyGroups

keywords for sshd_config.

Alexander

-- 
[EMAIL PROTECTED] mailing list
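
An added example, not part of the original messages: a small shell check that a given account is actually caught by the `DenyUsers`/`DenyGroups` keywords mentioned above. The function name `ssh_denied`, the sample configuration and the `kiosk` group are constructed for illustration; `newuser` and its groups come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Simplifications (assumptions): only the
# global section is read (parsing stops at the first Match block), keywords
# and arguments are whitespace-separated, and negated (!pat) or USER@HOST
# patterns are skipped rather than evaluated.

# ssh_denied CONFIG USER [GROUP...]
# Prints the first matching directive and returns 0 if USER, or one of its
# GROUPs, matches a DenyUsers/DenyGroups pattern; returns 1 otherwise.
ssh_denied() {
    cfg=$1 user=$2
    shift 2
    grps=$*
    set -f                              # keep * and ? in patterns unexpanded
    while read -r key rest || [ -n "$key" ]; do
        # sshd_config keywords are case-insensitive; arguments are not
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case $key in
            match)      break ;;
            denyusers)  names=$user ;;
            denygroups) names=$grps ;;
            *)          continue ;;     # other keywords, comments, blanks
        esac
        for pat in $rest; do
            case $pat in *@*|!*) continue ;; esac
            for n in $names; do
                case $n in $pat) set +f; echo "$key $pat"; return 0 ;; esac
            done
        done
    done < "$cfg"
    set +f
    return 1
}

# Constructed sample configuration using the account from the thread.
sample_config() {
    cat <<'EOF'
Port 22
#DenyUsers olduser
denyusers guest* newuser
DenyGroups kiosk
Match Address 10.0.0.0/8
    DenyUsers admin
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
ssh_denied "$tmp" newuser users audio cdrom || echo "newuser is not denied"
rm -f "$tmp"
```

On a machine that does run sshd, `sshd -T` prints the effective configuration and is the authoritative check.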



[gentoo-user] Re: Creating a restricted user

2007-12-14 Thread Grant
  I'd like to create a really restricted user on my laptop.  I don't
  want the user to be able to do much of anything but browse the web,
  use skype, and maybe look at photos on a CD or something.  I did this:
 
  useradd -m -G users,audio,cdrom -s /sbin/nologin newuser
 
  How does that look?  I've noticed when adding this kind of a user in
  the past they are able to look at files all around the system that I'd
  prefer they can't.  Is there a good method for restricting that?
  Maybe remove the users group?  Is a weak password OK with this setup
  since there's no shell access?

 Apparently -s /sbin/nologin wasn't such a good idea since the user
 then can't log in via GDM.  Makes sense.  I want the user to be able
 to log in via GDM but not via ssh.  Is that configured in ssh?

 - Grant

I changed the new user's shell like 'chsh -s /bin/bash' and I can now
log in in the terminal but not in gdm.  Logging in with gdm works fine
with my user.  Does anyone know what the problem might be there?

- Grant



Re: [gentoo-user] Re: Creating a restricted user

2007-12-14 Thread Grant
  then can't log in via GDM.  Makes sense.  I want the user to be able
  to log in via GDM but not via ssh.  Is that configured in ssh?

 Yes, you can configure that in SSH. There are the

 DenyUsers
 DenyGroups

 keywords for sshd_config.

 Alexander

Thanks Alexander.  Even though I'm not running sshd I added 'DenyUsers
newuser' just in case.

- Grant



[gentoo-user] Re: Creating a restricted user

2007-12-13 Thread Grant
 I'd like to create a really restricted user on my laptop.  I don't
 want the user to be able to do much of anything but browse the web,
 use skype, and maybe look at photos on a CD or something.  I did this:

 useradd -m -G users,audio,cdrom -s /sbin/nologin newuser

 How does that look?  I've noticed when adding this kind of a user in
 the past they are able to look at files all around the system that I'd
 prefer they can't.  Is there a good method for restricting that?
 Maybe remove the users group?  Is a weak password OK with this setup
 since there's no shell access?

Apparently -s /sbin/nologin wasn't such a good idea since the user
then can't log in via GDM.  Makes sense.  I want the user to be able
to log in via GDM but not via ssh.  Is that configured in ssh?

- Grant



Re: [gentoo-user] Re: Creating a restricted user

2007-12-13 Thread Rumen Yotov
Grant wrote:
 I'd like to create a really restricted user on my laptop.  I don't
 want the user to be able to do much of anything but browse the web,
 use skype, and maybe look at photos on a CD or something.  I did this:

 useradd -m -G users,audio,cdrom -s /sbin/nologin newuser

 How does that look?  I've noticed when adding this kind of a user in
 the past they are able to look at files all around the system that I'd
 prefer they can't.  Is there a good method for restricting that?
 Maybe remove the users group?  Is a weak password OK with this setup
 since there's no shell access?
 
 Apparently -s /sbin/nologin wasn't such a good idea since the user
 then can't log in via GDM.  Makes sense.  I want the user to be able
 to log in via GDM but not via ssh.  Is that configured in ssh?
 
 - Grant
Hi Grant,

Googling with 'restricted shell' returns some hints:
1. rsh (restricted shell) - looks like it's rather easy to exit from it;
2. rssh - works with openssh (allows scp, sftp, rdist, rsync, and cvs);
3. rbash or bash with --restricted IIRC option;
4. check zsh -r, vaguely remember the syntax, check about features.
HTH. Rumen


