Re: [gentoo-user] Re: Creating a restricted user
> > then can't log in via GDM. Makes sense. I want the user to be able > > to log in via GDM but not via ssh. Is that configured in ssh? > > Yes, you can configure that in SSH. There are the > > DenyUsers > DenyGroups > > keywords for sshd_config. > > Alexander Thanks Alexander. Even though I'm not running sshd I added 'DenyUsers newuser' just in case. - Grant -- [EMAIL PROTECTED] mailing list
[gentoo-user] Re: Creating a restricted user
> > I'd like to create a really restricted user on my laptop. I don't > > want the user to be able to do much of anything but browse the web, > > use skype, and maybe look at photos on a CD or something. I did this: > > > > useradd -m -G users,audio,cdrom -s /sbin/nologin newuser > > > > How does that look? I've noticed when adding this kind of a user in > > the past they are able to look at files all around the system that I'd > > prefer they can't. Is there a good method for restricting that? > > Maybe remove the users group? Is a weak password OK with this setup > > since there's no shell access? > > Apparently -s /sbin/nologin wasn't such a good idea since the user > then can't log in via GDM. Makes sense. I want the user to be able > to log in via GDM but not via ssh. Is that configured in ssh? > > - Grant I changed the new user's shell like 'chsh -s /bin/bash' and I can now log in in the terminal but not in gdm. Logging in with gdm works fine with my user. Does anyone know what the problem might be there? - Grant -- [EMAIL PROTECTED] mailing list
[gentoo-user] Re: Creating a restricted user
Grant <[EMAIL PROTECTED]> wrote: > then can't log in via GDM. Makes sense. I want the user to be able > to log in via GDM but not via ssh. Is that configured in ssh? Yes, you can configure that in SSH. There are the DenyUsers DenyGroups keywords for sshd_config. Alexander -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: Creating a restricted user
Grant написа: >> I'd like to create a really restricted user on my laptop. I don't >> want the user to be able to do much of anything but browse the web, >> use skype, and maybe look at photos on a CD or something. I did this: >> >> useradd -m -G users,audio,cdrom -s /sbin/nologin newuser >> >> How does that look? I've noticed when adding this kind of a user in >> the past they are able to look at files all around the system that I'd >> prefer they can't. Is there a good method for restricting that? >> Maybe remove the users group? Is a weak password OK with this setup >> since there's no shell access? > > Apparently -s /sbin/nologin wasn't such a good idea since the user > then can't log in via GDM. Makes sense. I want the user to be able > to log in via GDM but not via ssh. Is that configured in ssh? > > - Grant Hi Grant, Googling with 'restricted shell' returns some hints: 1.rsh (restricted shell) - looks that it's rather easy exit from it; 2.rssh - works with openssh (allows scp, sftp, rdist, rsync, and cvs); 3. rbash or bash with --restricted IIRC option; 4. check "zsh -r" vaguely remember the syntax, check about festures. HTH. Rumen smime.p7s Description: S/MIME Cryptographic Signature
[gentoo-user] Re: Creating a restricted user
> I'd like to create a really restricted user on my laptop. I don't > want the user to be able to do much of anything but browse the web, > use skype, and maybe look at photos on a CD or something. I did this: > > useradd -m -G users,audio,cdrom -s /sbin/nologin newuser > > How does that look? I've noticed when adding this kind of a user in > the past they are able to look at files all around the system that I'd > prefer they can't. Is there a good method for restricting that? > Maybe remove the users group? Is a weak password OK with this setup > since there's no shell access? Apparently -s /sbin/nologin wasn't such a good idea since the user then can't log in via GDM. Makes sense. I want the user to be able to log in via GDM but not via ssh. Is that configured in ssh? - Grant -- [EMAIL PROTECTED] mailing list